Messaging server

Changing the configuration of a messaging server

To modify the configuration of a messaging server, edit conf/messaging-server/platform.properties and tune the parameters below.

Global

Parameter Description

com.axway.platform.name

If you install more than one messaging server instance as a service on the same machine, give each instance a distinct value for this property.

Its value is used as the service name. (The default name is DecisionInsightMessagingSystemServer.)

Server basics

These parameters configure the identifier range of a messaging server and the replication rules for high availability.

Parameter Description

reserved.broker.max.id

The largest value that can be used as the identifier (broker.id) of a messaging server.

default.replication.factor

The number of copies of each partition kept across messaging servers for automatically created topics.

min.insync.replicas

The minimum number of replicas that must have acknowledged a write before it is reported as successful to a producer that waits for all replicas.

The default configuration is:

conf/messaging-server/platform.properties
reserved.broker.max.id=9999
default.replication.factor=1
min.insync.replicas=1

With these defaults every partition exists on a single messaging server: if that server is lost, its partitions become unavailable and their data is lost. For high availability, run at least three messaging servers and set default.replication.factor=3 and min.insync.replicas=2. min.insync.replicas must never exceed the replication factor, otherwise writes that wait for all replicas are rejected.

Socket server settings

These properties are used to configure the network connections and socket communication employed by the messaging server.

Parameter Description

listeners

Comma-separated list of URIs the messaging server listens on, with their protocol:
  • SSL://<server>:<port> for secure communications
  • PLAINTEXT://<server>:<port> for unsecure communications (not recommended)

<server>: the server's hostname (use the FQDN that appears in the server certificate, see TLS configuration)

If the messaging servers communicate with each other over a PLAINTEXT listener, this parameter must also be set:

security.inter.broker.protocol=PLAINTEXT

advertised.listeners

Comma-separated list of listeners, e.g. SSL://<server>:<port> or PLAINTEXT://<server>:<port> (not recommended).

Listener connection strings published to the orchestrator, if different from listeners. In some environments (e.g. in a Docker image), the address clients must connect to differs from the interface the messaging server binds to.

Not mandatory: if this is not set, the value of listeners is used.

security.inter.broker.protocol

SSL (default).

PLAINTEXT (not recommended) leaves the communication between messaging servers unsecured.

num.network.threads

The number of threads the server uses for receiving requests from the network and sending responses.

num.io.threads

The number of threads the server uses for processing requests, which may include disk I/O.

socket.send.buffer.bytes

The size of the operating system's outgoing buffer (SO_SNDBUF) of the server sockets. If the value is -1, the OS default is used.

socket.receive.buffer.bytes

The size of the operating system's incoming buffer (SO_RECVBUF) of the server sockets. If the value is -1, the OS default is used.

socket.request.max.bytes

The maximum number of bytes in a socket request; larger requests are rejected, which bounds the memory a single client can make the server allocate.


The default configuration is:

conf/messaging-server/platform.properties
listeners=SSL://<host>:<port>
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600

TLS configuration

TLS configuration covers the communication channel between messaging servers (inter-server communication) as well as the communication between clients and the messaging server.

Clients are either consumers or producers of data. Their communication with the messaging server is secured by mutual authentication: the client and the server each present an X.509 certificate, and each side accepts the connection only if the other side's certificate is trusted.

Consumers/producers and Messaging Server must have

Generate keystore and truststore

For information about how to generate a keystore and a truststore, see How to generate keys and certificate files for TLS mutual authentication in the latest version of the Decision Insight documentation at https://docs.axway.com/category/analytics.

Retrieve the FQDN

The server's fully qualified domain name (FQDN) is the hostname to use in listeners and in the server certificate, so that hostname verification succeeds.

Linux
> hostname --fqdn
Windows (using PowerShell)
> [System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName


The following parameters pertain to TLS configuration. Each parameter is marked (mandatory) or (optional).

Parameter Description

listeners

Comma-separated list of listeners, e.g. SSL://<server>:<port>. (mandatory)

ssl.keystore.location The location of the key store file. (mandatory)
ssl.keystore.password The password for the key store file. (mandatory)
ssl.key.password The password of the private key in the key store file. (mandatory)
ssl.keystore.type The file format of the key store file. Default value is JKS. (optional)
ssl.truststore.location The location of the trust store file. (mandatory)
ssl.truststore.password The password for the trust store file. (mandatory)
ssl.truststore.type The file format of the trust store file. Default value is JKS. (optional)

ssl.client.auth

Can be either:

  • required: mutual authentication is performed, every client must present a certificate trusted by the trust store (default)
  • none: clients are not authenticated (not recommended)

(mandatory)

ssl.endpoint.identification.algorithm

The endpoint identification algorithm used to validate the server hostname against the server certificate. With the value HTTPS, the hostname the client connects to must match the name in the server certificate (a subject alternative name, or the common name (CN)). If the certificate was issued for an incorrect name, or for an IP address instead of the server hostname, the connection is refused.

Value: HTTPS. An empty value instead of HTTPS deactivates this control (not recommended). (mandatory)

security.inter.broker.protocol

Security protocol used to communicate between servers.

  • SSL (default)
  • PLAINTEXT (not recommended): in this case listeners must also contain a connection string for this communication channel (e.g. PLAINTEXT://<server>:<port>)

(mandatory)

ssl.enabled.protocols

Comma-separated list of TLS protocol versions accepted from clients:

  • TLSv1.2 (recommended: set this value alone for all TLS connections)
  • TLSv1.1
  • TLSv1

If this parameter is not set, all three versions are accepted. (optional)

ssl.cipher.suites

Comma-separated list of cipher suites that may be negotiated. The default is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.

We advise using the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite for all TLS connections.

Other recommended cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256

The suite must match the key type of the server certificate (TLS_ECDHE_RSA_* and TLS_RSA_* require an RSA key, TLS_ECDHE_ECDSA_* an EC key, TLS_DHE_DSS_* a DSA key) and must be supported by the JVM running the messaging server. Only the ECDHE and DHE suites provide forward secrecy; the TLS_RSA_* suites do not, and the GCM suites are preferable to the CBC ones.

For more information and all available values, see supported cipher suites. (optional)

Sample

Sample configuration in conf/messaging-server/platform.properties with mutual authentication and secured inter-server communication:
(...)
############################# Socket Server Settings #############################
# The address the socket server listens on. It will get the value returned from
listeners=SSL://my.host.com:9092

ssl.keystore.location=/path/to/replace/server.keystore.jks
ssl.keystore.password=someP@ssword
ssl.key.password=someP@ssword
ssl.truststore.location=/path/to/replace/server.truststore.jks
ssl.truststore.password=someP@ssword

ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2
ssl.cipher.suites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ssl.endpoint.identification.algorithm=HTTPS

security.inter.broker.protocol=SSL

num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
(...) 
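The audit below is an added example, not part of the product or of the page's sample; it reads a platform.properties file and flags the weak settings discussed in the Server basics and TLS configuration sections (PLAINTEXT listeners, unsecured inter-server traffic, ssl.client.auth=none, an empty ssl.endpoint.identification.algorithm, legacy TLS versions, cipher suites without forward secrecy, and a replication setup without redundancy). Both inputs are constructed: the weak one is the page's sample with several settings deliberately loosened, the hardened one is the sample plus HA replication. The .properties reader is a minimal one written for this example and does not decode Unicode escapes.

```python
"""Audit a messaging-server platform.properties for weak TLS and replication settings.

Added example (not product code). The checks follow this page's recommendations:
SSL-only listeners, TLS between servers, mutual authentication, hostname verification,
TLSv1.2 only, (EC)DHE cipher suites, and replication for high availability.
"""
from __future__ import annotations

# Constructed input: the page's sample with several settings deliberately weakened.
WEAK_PROPERTIES = """\
listeners=SSL://my.host.com:9092,PLAINTEXT://my.host.com:9093
security.inter.broker.protocol=PLAINTEXT
ssl.keystore.location=/path/to/replace/server.keystore.jks
ssl.keystore.password=someP@ssword
ssl.key.password=someP@ssword
ssl.truststore.location=/path/to/replace/server.truststore.jks
ssl.truststore.password=someP@ssword
ssl.client.auth=none
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.cipher.suites=TLS_RSA_WITH_AES_256_CBC_SHA256
ssl.endpoint.identification.algorithm=
default.replication.factor=1
min.insync.replicas=1
"""

# Constructed input: the hardened settings from the page's sample, plus HA replication.
HARDENED_PROPERTIES = """\
listeners=SSL://my.host.com:9092
security.inter.broker.protocol=SSL
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2
ssl.cipher.suites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ssl.endpoint.identification.algorithm=HTTPS
default.replication.factor=3
min.insync.replicas=2
"""


def parse_properties(text: str) -> dict[str, str]:
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separator,
    backslash line continuation. Unicode escapes are not decoded."""
    props: dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        seps = [i for i in (line.find("="), line.find(":")) if i >= 0]
        key, value = (line[:min(seps)], line[min(seps) + 1:]) if seps else (line, "")
        props[key.strip()] = value.strip()
    return props


def audit(props: dict[str, str]) -> list[tuple[str, str]]:
    """Return (parameter, finding) pairs; an empty list means nothing weak was found.
    Defaults mirror the page: SSL inter-broker protocol, ssl.client.auth=required,
    all three TLS versions when ssl.enabled.protocols is unset, replication factor 1.
    ssl.endpoint.identification.algorithm is mandatory, so unset counts as empty."""
    findings: list[tuple[str, str]] = []

    for uri in (u.strip() for u in props.get("listeners", "").split(",") if u.strip()):
        if uri.upper().startswith("PLAINTEXT://"):
            findings.append(("listeners", f"{uri} accepts unencrypted, unauthenticated connections"))

    if props.get("security.inter.broker.protocol", "SSL").upper() != "SSL":
        findings.append(("security.inter.broker.protocol", "traffic between servers is not protected by TLS"))

    if props.get("ssl.client.auth", "required") != "required":
        findings.append(("ssl.client.auth", "clients are not authenticated with X.509 certificates"))

    if not props.get("ssl.endpoint.identification.algorithm"):
        findings.append(("ssl.endpoint.identification.algorithm", "server hostname verification is disabled"))

    protocols = {p.strip() for p in props.get("ssl.enabled.protocols", "TLSv1.2,TLSv1.1,TLSv1").split(",")}
    legacy = sorted(protocols & {"TLSv1", "TLSv1.1"})
    if legacy:
        findings.append(("ssl.enabled.protocols", "legacy versions enabled: " + ", ".join(legacy)))

    for suite in (s.strip() for s in props.get("ssl.cipher.suites", "").split(",") if s.strip()):
        if not suite.startswith(("TLS_ECDHE_", "TLS_DHE_")):
            findings.append(("ssl.cipher.suites", f"{suite} provides no forward secrecy"))

    rf = int(props.get("default.replication.factor", "1"))
    isr = int(props.get("min.insync.replicas", "1"))
    if rf < 2:
        findings.append(("default.replication.factor", "single copy of each partition; losing a server loses data"))
    elif isr > rf:
        findings.append(("min.insync.replicas", f"{isr} exceeds replication factor {rf}; acks=all writes are rejected"))
    elif isr < 2:
        findings.append(("min.insync.replicas", "acknowledged writes may exist on a single replica"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(f"== {name} ==")
        for param, msg in audit(parse_properties(text)) or [("-", "no findings")]:
            print(f"{param}: {msg}")
```

Run it against the real file with `audit(parse_properties(open("conf/messaging-server/platform.properties").read()))`; the weak constructed input yields seven findings, the hardened one none. The min.insync.replicas check deliberately reports the misconfiguration where it exceeds the replication factor, which does not weaken security but silently breaks every producer that waits for all replicas.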

Data persistence basics

Data is stored in {working directory}/data/messaging-server. The {working directory} is set in conf/path.conf.

These parameters configure data persistence.

Parameter Description

num.partitions

The default number of log partitions per topic. Messages are distributed between these partitions.

A partition cannot be split between consumers, so a consumer group never has more active consumers than num.partitions: any additional member of the group receives no partition and stays idle.

num.recovery.threads.per.data.dir

The number of threads per data directory to be used for log recovery at startup and flushing at shutdown.

The default configuration is:

conf/messaging-server/platform.properties
num.partitions=3
num.recovery.threads.per.data.dir=1
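The following added example (not product code) models the range assignment a consumer group uses for a single topic, to make the statement above concrete: partitions are split into contiguous ranges over the members sorted by name, and with more members than partitions the surplus members receive nothing. The member names and the five-consumer group are constructed for the example.

```python
"""Range assignment of one topic's partitions to a consumer group.

Added example (not product code); it models the range assignment used by
consumer groups for a single topic, to show why a group can never have more
active consumers than num.partitions: the surplus members are left idle.
"""
from __future__ import annotations


def assign_partitions(num_partitions: int, consumers: list[str]) -> dict[str, list[int]]:
    """Split partitions 0..num_partitions-1 into contiguous ranges over the
    consumers (sorted by member id). The first num_partitions % len(consumers)
    members receive one extra partition; any member beyond num_partitions gets
    an empty list and stays idle until the next rebalance."""
    if num_partitions < 0:
        raise ValueError("num_partitions must be non-negative")
    if not consumers:
        raise ValueError("a consumer group needs at least one member")
    members = sorted(consumers)
    base, extra = divmod(num_partitions, len(members))
    assignment: dict[str, list[int]] = {}
    start = 0
    for index, member in enumerate(members):
        count = base + (1 if index < extra else 0)
        assignment[member] = list(range(start, start + count))
        start += count
    return assignment


def idle_consumers(assignment: dict[str, list[int]]) -> list[str]:
    """Members that received no partition; they consume nothing."""
    return sorted(member for member, partitions in assignment.items() if not partitions)


if __name__ == "__main__":
    # num.partitions=3 (the page's default) with a constructed five-member group: two idle.
    plan = assign_partitions(3, ["c1", "c2", "c3", "c4", "c5"])
    for member, partitions in plan.items():
        print(member, partitions)
    print("idle:", idle_consumers(plan))
```

Raising num.partitions after topics exist only applies to topics created afterwards, so size it for the largest consumer group you expect before the topics are created.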

Data retention policy

These parameters control the retention and purge mechanism of the messaging server.

Parameter Description
log.retention.hours The number of hours to keep a log file before deleting it.
log.segment.bytes The maximum size of a single log file.
log.retention.check.interval.ms The frequency in milliseconds that the log cleaner checks whether any log is eligible for deletion.

The default configuration is:

conf/messaging-server/platform.properties
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000

Orchestrator connection

These parameters configure the connection of a messaging server to orchestrators.

Parameter Description

zookeeper.connect

This is a comma-separated list of <host>:<port> pairs, each corresponding to an orchestrator.

zookeeper.connection.timeout.ms

The maximum time in milliseconds that the messaging server waits to establish a connection to an orchestrator (ZooKeeper) before giving up.

The default configuration is:

conf/messaging-server/platform.properties
zookeeper.connect=<your hostname>:2181
zookeeper.connection.timeout.ms=6000

Logs

The default configuration of the node is to log all its activity:

  • <installation directory>/var/logs/messaging-server/node.log: global log (network, registration, topic creation etc...)
  • <installation directory>/var/logs/messaging-server/node-purge.log: data purge log

To change the log settings, edit the <installation directory>/conf/messaging-server/log4j2.properties file. Your changes take effect the next time you start the node and for all subsequent runs.

Edit log4j2.properties file

Please refer to the official Log4j documentation to configure this file: Apache Log4J manual (external).
