http://git-wip-us.apache.org/repos/asf/qpid-site/blob/4ae9ccad/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Keystores.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Keystores.html b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Keystores.html new file mode 100644 index 0000000..23bb1a9 --- /dev/null +++ b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Keystores.html @@ -0,0 +1,186 @@ + + + + + 7.12. Keystores - Apache Qpid™ + + + + + + + + + + + + + +
+
+ Menu + + Search + + +
+ + + + + +
+ + +
+

7.12. Keystores

A Keystore is required by a Port in + order to use SSL for messaging and/or management.

The Broker supports a number of different keystore types. These are described + below.

The key material may be held by the Broker itself (held inline within the configuration) + or you may use references to files on the server's file system. Whichever mechanism is + chosen it is imperative to ensure that private key material remains confidential.

7.12.1. Types

The following keystore types are supported.

  • File Key Store. This type accepts the standard JKS + keystore format undertood by Java and Java tools such as keytool.

    If the keystore contains multiple keys, it is possible to indicate which + certificate is to be used by specifying an alias. If no alias is specified + the first certificate found in the keystore will be used.

  • Non Java Key Store. A Non Java Keystore accepts key + material in PEM and DER file formats. With this store type it is necessary + to provide the private key, which must not be protected by password, + certificate and optionally a file containing intermediate + certificates.

  • Auto Generated Self Signed has the ability to + generate a self signed certificate and produce a truststore + suitable for use by an application using the Apache Qpid JMS client for AMQP 0-9-1/0-10.

    The use of self signed certficates is not recommended for production + use.

+

7.12.2. Attributes

+

  • Name the keystore. Used to identify the + keystore.

+

The following attributes apply to File Key Stores only.

+

  • Keystore path. File Key Stores only. Path to keystore + file

  • Keystore password. Password used to secure the keystore

    Important

    The password of the certificate used by the Broker must match the password of the keystore + itself. This is a restriction of the Broker implementation. If + using the keytool utility, note + that this means the argument to the -keypass option + must match the -storepass option.

  • Certificate Alias. An optional way of specifying + which certificate the broker should use if the keystore contains multiple + entries.

  • Manager Factory Algorithm.In keystores the have more + than one certificate, the alias identifies the certificate to be + used.

  • Key Store Type. Type of Keystore.

+

The following attributes apply to Non Java Key Stores + only.

+

  • Private Key. The private key in DER or PEM format. + This file must not be password protected.

  • Certificate. The cerificate in DER or PEM + format.

  • Intermediates Certificates . Optional. Intermediate + cerificates in PEM or DER format.

+

The following attributes apply to Auto Generated Self Signed + only.

+

  • Algorithm. Optional. Algorithm used to generate the + self-signed certificate.

  • Signature Algorithm . Optional. The name of signature + algorithm.

  • Key Length. Optional. Length of the key in + bits.

  • Duration. Optional. Validility period in + months.

+

7.12.3. Children

None

7.12.4. Lifecycle

Not supported

+ +
+ + + + +
+
+
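Review bot: The "Manager Factory Algorithm" item in the File Key Store attributes repeats the alias text ("In keystores the have more than one certificate, the alias identifies the certificate to be used.") and says nothing about the algorithm; replace it with what the attribute actually selects, and fix "the have". The Non Java Key Store entry requires a private key that "must not be protected by password", so the page should say how that file is expected to be protected on disk (ownership and permissions limited to the Broker's user), since the introduction only states that private key material must remain confidential. Spelling to fix in the same pass: "undertood", "certficates", "cerificate" and "cerificates", "Validility", "Intermediates Certificates". "Keystore path. File Key Stores only." repeats the sentence that already introduces that list.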
+ + http://git-wip-us.apache.org/repos/asf/qpid-site/blob/4ae9ccad/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Plugin-HTTP.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Plugin-HTTP.html b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Plugin-HTTP.html new file mode 100644 index 0000000..633e4a6 --- /dev/null +++ b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Plugin-HTTP.html @@ -0,0 +1,153 @@ + + + + + 7.16. HTTP Plugin - Apache Qpid™ + + + + + + + + + + + + + +
+
+ Menu + + Search + + +
+ + + + + +
+ + +
+

7.16. HTTP Plugin

The HTTP Plugin provides the HTTP management channel comprising of the Web + Management Console and the REST API.

7.16.1. Attributes

+

  • Basic Authentication for HTTP. It is set to false + (disabled) by default.

  • Basic Authentication for HTTPS. It is set to true + (enabled) by default.

  • SASL Authentication for HTTP. It is set to true + (enabled) by default.

  • SASL Authentication for HTTPS. It is set to true + (enabled) by default.

  • Session timeout is the timeout in seconds to close + the HTTP session. It is set to 10 minutes by default.

+

7.16.2. Children

None

7.16.3. Lifecycle

Not supported

Important

NOTE: Changes to the Session Timeout attribute only take + effect at broker restart.

+ +
+ + + + +
+
+
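Review bot: The Session timeout item gives the unit as seconds but the default as "10 minutes"; state the default in the unit the attribute takes (600 seconds) so a reader does not enter 10. The restart note for Session Timeout is placed after 7.16.3 Lifecycle; move it up beside the attribute it qualifies. The four authentication items list defaults only; one sentence on why Basic is off for plain HTTP (the password crosses the wire in recoverable form) would help an operator who is about to change it. "comprising of" should be "comprising".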
+ + http://git-wip-us.apache.org/repos/asf/qpid-site/blob/4ae9ccad/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Ports.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Ports.html b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Ports.html new file mode 100644 index 0000000..621e6d9 --- /dev/null +++ b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Ports.html @@ -0,0 +1,176 @@ + + + + + 7.10. Ports - Apache Qpid™ + + + + + + + + + + + + + +
+
+ Menu + + Search + + +
+ + + + + +
+ + +
+

7.10. Ports

Ports provide TCP/IP connectivity for messaging and management. A port is defined to use a + protocol. This can be an AMQP protocol for messaging or HTTP for management.

A port is defined to have one or more transports. A transport can either be plain (TCP) or + SSL (TLS). When SSL is in use, the port can be configured to accept or require client + authentication.

Any number of ports defined to use AMQP or HTTP protocols can be defined.

Ports can only be managed by the HTTP management channel.

7.10.1. Context

+

  • qpid.port.max_open_connections. The default maximum number + of concurrent connections supported by an AMQP port.

  • qpid.port.amqp.acceptBacklog. The backlog is the maximum + number of pending connections that may be queued by the AMQP port. Once the queue + is full, further connections will be refused. This is a request to the operating system + which may or may not be respected. The operating system itself may impose a ceiling. + [11]

+

7.10.2. Attributes

  • Name the port.

  • Port number.

  • Binding address. Used to limit port binding to a + single network interface.

  • Authentication Provider. The authentication + provider used to authenticate incoming connections.

  • Protocol(s). A list of protocols to be supported by + the port. For messaging choose one or more AMQP protocols. For management + choose HTTP.

  • Transports. A list of transports supported by the + port. For messaging or HTTP management chose TCP, SSL or both.

  • Enabled/Disabled Cipher Suites. Allows cipher + suites supported by the JVM to be enabled or disabled. The cipher + suite names are those understood by the JVM. +

    SSLv3 is disabled by default.

  • Keystore. Keystore + containing the Broker's private key. Required if SSL is in use.

  • Want/Need Client Auth. Client authentication can be + either accepted if offered (want), or demanded (need). When Client + Certificate Authentication is in use a Truststore must be configured. When + using Client Certificate Authentication it may be desirable to use the External Authentication + Provider.

  • Truststore. Trust store + contain an issuer certificate or the public keys of the clients themselves + if peers only is desired.

  • Maximum Open Connections. AMQP ports only. Limits + the number of connections that may be open at any one time.

  • Thread pool size. AMQP ports only. Number of worker threads + used to process AMQP connections during connection negotiation phase.

    Defaults to 8.

  • Number of selectors. AMQP ports only. Number of worker threads + used from the thread pool to dispatch I/O activity to the worker threads.

    Defaults to one eighth of the thread pool size. Minimum 1.

7.10.3. Children

+

  • Connection

+

7.10.4. Lifecycle

Not supported

Important

When updating an existing port, changes to SSL settings, binding address and port + numbers do not become effective until the Broker is restarted.



[11] Some Linux distributions govern the ceiling with a sysctl + setting net.core.somaxconn.

+ +
+ + + + +
+
+
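Review bot: "SSLv3 is disabled by default." sits under Enabled/Disabled Cipher Suites, but SSLv3 is a protocol version rather than a cipher suite, and the attribute list has no entry for protocol versions; say where that default is applied and whether it can be changed. In Want/Need Client Auth, spell out what happens under "want" when the client offers no certificate, since that decides whether the Authentication Provider alone admits the connection. Wording: "chose TCP" should be "choose TCP", "Trust store contain" needs "contains", and the Number of selectors text ("worker threads used from the thread pool to dispatch I/O activity to the worker threads") should distinguish selector threads from worker threads.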
+ + http://git-wip-us.apache.org/repos/asf/qpid-site/blob/4ae9ccad/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Queues.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Queues.html b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Queues.html new file mode 100644 index 0000000..0b8535b --- /dev/null +++ b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Queues.html @@ -0,0 +1,162 @@ + + + + + 7.8. Queues - Apache Qpid™ + + + + + + + + + + + + + +
+
+ Menu + + Search + + +
+ + + + + +
+ + +
+

7.8. Queues

Queues are named entities that + hold/buffer messages for later delivery to consumer applications.

Queues can be managed using the HTTP or AMQP channels.

7.8.1. Types

The Broker supports four different queue types, each with different delivery semantics.

  • Standard - a simple First-In-First-Out (FIFO) queue

  • Priority - delivery order depends on the priority of each message

  • Sorted - + delivery order depends on the value of the sorting key property in each message

  • Last Value + Queue - also known as an LVQ, retains only the last (newest) message received + with a given LVQ key value

7.8.2. Attributes

  • Name of the queue. Message consumers and browsers refer to this + name when they wish to subscribe to queue to receive messages from it.

  • Type of the queue. Can be either standard, priority, sorted, or lvq.

  • Durable. Whether the queue survives a restart. Messages on a + non durable queue do not survive a restart even if they are marked persistent.

  • Maximum/Minimum TTL. Defines a maximum and minimum + time-to-live. Messages arriving with ttl larger than the maximum will be overridden by + the maximum. Similarly, messages arriving with tll less than the minimum (or no ttl at + all), will be overridden by the minimum.

    Changing these values affects only new arrivals, existing messages already on the + queue are not affected.

  • Message persistent override. Allow message persistent settings + of incoming messages to be overridden. Changing this value affects only new arrivals, + existing messages on the queue are not affected.

  • Queue capacity. Queues have the ability to limit the of the + cumulative size of all the messages contained within the store. This feature is + described in detail Section 9.2, “Disk Space Management”.

  • Alerting Thresholds. Queues have the ability to alert on a + variety of conditions: total queue depth exceeded a number or size, message age exceeded + a threshold, message size exceeded a threshold. These thresholds are soft. See Appendix D, Queue Alerts

  • Maximum Delivery Count/Alternate Exchange. See Section 9.4, “Handing Undeliverable Messages”

  • Message Groups. See Section 4.7.3, “Messaging Grouping”

7.8.3. Children

+

  • Binding

+

7.8.4. Lifecycle

Not supported

+ +
+ + + + +
+
+
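Review bot: The Queue capacity item is missing words ("limit the of the cumulative size", "described in detail Section 9.2") and refers to messages "contained within the store", which leaves it unclear whether the limit applies to the queue or to the store; reword so the limited quantity is explicit. "These thresholds are soft" under Alerting Thresholds should say what soft means here, that is, whether exceeding a threshold only raises an alert or also affects message acceptance. Typos: "tll" for "ttl" and "subscribe to queue"; the Appendix D sentence lacks a full stop. Check that the cross-reference titles "Handing Undeliverable Messages" and "Messaging Grouping" match the target sections.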
+ + http://git-wip-us.apache.org/repos/asf/qpid-site/blob/4ae9ccad/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-RemoteReplicationNodes.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-RemoteReplicationNodes.html b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-RemoteReplicationNodes.html new file mode 100644 index 0000000..e9b25f5 --- /dev/null +++ b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-RemoteReplicationNodes.html @@ -0,0 +1,167 @@ + + + + + 7.6. Remote Replication Nodes - Apache Qpid™ + + + + + + + + + + + + + +
+
+ Menu + + Search + + +
+ + + + + +
+ + +
+

7.6. Remote Replication Nodes

Used for HA only. A remote replication node is a representation of another virtualhost node + in the group. Remote replication nodes are not created directly. Instead the system + automatically creates a remote replication node for every node in the group. It serves to + provide a view of the whole group from every node in the system.

7.6.1. Attributes

  • Name the remote replication node. This is the name of the + remote virtualhost node

  • Role. Indicates the role that the remote node is playing in the + group at this moment.

    • MASTER - Remote node is a master.

    • REPLICA - Remote node is a replica.

    • UNREACHABLE - Remote node unreachable from this node. + This remote note may be down, or an network problem may prevent it from being + contacted.

    +

  • Join time. Time when first contact was established with this + node.

  • Last known transaction id. Last transaction id reported + processed by node. This is an internal transaction counter and does not relate to any + value available to the messaging clients. This value can only be used to determine the + node is up to date relative to others in the group.

7.6.2. Children

None

7.6.3. Lifecycle

+

  • Delete. Causes the remote node to be permanently removed from + the group. This operation should be used when the virtualhost node cannot be deleted + from its own Broker, for instance, if a Broker has been destroyed by machine + failure.

+

7.6.4. Operations

+

  • Transfer Master. Initiates a process where a master is moved to + anther node in the group. The transfer sequence is as follows.

    1. Group waits until the proposed master is reasonable up to date.

    2. Any in-flight transactions on the current master are blocked.

    3. The current master awaits the proposed master to become up to date.

    4. The mastership is transferred. This will automatically disconnect messaging + clients from the old master, and in-flight transactions are rolled back. Messaging + clients reconnect to the new master.

    5. The old master will rejoin as a replica.

    +

+

+ +
+ + + + +
+
+
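Review bot: In the Transfer Master sequence, step 1 waits until the proposed master is "reasonable up to date" and step 3 waits again for it to "become up to date", but neither gives the bound that applies or says what happens if the proposed master never catches up while step 2 has in-flight transactions blocked; document the timeout or abort behaviour. Typos: "reasonable" should be "reasonably", "anther node" should be "another node", "This remote note" should be "This remote node", "an network" should be "a network", and "to determine the node is up to date" needs "whether".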
+ + http://git-wip-us.apache.org/repos/asf/qpid-site/blob/4ae9ccad/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Truststores.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Truststores.html b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Truststores.html new file mode 100644 index 0000000..9c5226c --- /dev/null +++ b/content/releases/qpid-java-6.0.6/java-broker/book/Java-Broker-Management-Managing-Truststores.html @@ -0,0 +1,168 @@ + + + + + 7.13. Truststores - Apache Qpid™ + + + + + + + + + + + + + +
+
+ Menu + + Search + + +
+ + + + + +
+ + +
+

7.13. Truststores

A Truststore is required by a + Port in order to SSL client authentication. Some authentication provides also use a + truststore when connecting to authentication systems that are protected by a private issuer + SSL certificate.

7.13.1. Types

The following truststore types are supported.

  • File Trust Store. This type accepts the standard JKS + truststore format understood by Java and Java tools such as keytool.

  • Non Java Trust Store. A non java trust store accepts key + material in PEM and DER file formats. Either a path to the certificate on the server can be specified using the file:// protocol or the certificate can be uploaded with the data:// protocol

  • Managed Certificate Store. This type accepts key + material in PEM and DER file formats. Contrary to the Non Java Trust Store this store allows the user to add multiple certificates and stores them in the broker configuration.

  • Site Specific Trust Store. This type will download a certificate from the provided SSL/TLS enabled URL. Note that you must specify both the protocol and the port. Example: https://example.com:443

+

7.13.2. Attributes

+

  • Name the truststore. Used to identify the + truststore.

+

The following attributes apply to File Trust Stores only.

+

  • Path. Path to truststore file

  • Truststore password. Password used to secure the truststore

    Important

    The password of the certificate used by the Broker must match the password of the keystore + itself.

  • Certificate Alias. An optional way of specifying + which certificate the broker should use if the keystore contains multiple + entries.

  • Manager Factory Algorithm. In keystores the have more + than one certificate, the alias identifies the certificate to be + used.

  • Key Store Type. Type of Keystore.

  • Peers only. When "Peers Only" option is selected for + the Truststore it will allow authenticate only those clients that present a + certificate exactly matching a certificate contained within the Truststore + database.

+

The following attributes apply to Non Java Trust Stores + only.

+

  • Certificates. The cerificate(s) in DER or PEM + format.

+

7.13.3. Children

None

7.13.4. Lifecycle

Not supported

+ +
+ + + + +
+
+
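Review bot: The File Trust Store attributes are copied from the Keystores page without adaptation: the Important note speaks of "the password of the keystore itself", Certificate Alias and Key Store Type refer to a keystore and to "which certificate the broker should use", and Manager Factory Algorithm again carries the alias description; rewrite these for a truststore or drop the ones that do not apply. The Site Specific Trust Store entry says it "will download a certificate from the provided SSL/TLS enabled URL" but not how that certificate is validated before it is trusted; state this, and recommend checking the fetched certificate against a fingerprint obtained out of band. Managed Certificate Store and Site Specific Trust Store have no attribute lists in 7.13.2. The opening sentence is missing a verb ("in order to SSL client authentication"), "authentication provides" should be "authentication providers", "it will allow authenticate" needs rewording, and "cerificate(s)" is misspelt.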
+ +