Configuration Keys

A configuration key is a string that corresponds to a configuration parameter for the software broker. You can use configuration keys to set configuration parameters for the software event broker when you create a container or start a machine image. You do this by either:

  • passing the configuration key and its value to the container runtime at startup (for example, as a parameter to docker create)
  • adding the configuration key and its value to a datasource for cloud-init (for machine or cloud images)

For information about using these keys, see Initializing a Software Event Broker Container and Initializing a Machine Image using cloud-init.

The following table lists the configuration keys for the software event broker.

Configuration Key Description Value
configsync/enable

Enables Config-Sync.

To synchronize the HA pair after the software event brokers are initialized with Cloud-Init, you must manually assert system-level configuration of one event broker over its mate. For more information, see Asserting Event Broker System Configurations.

yes or no

The default value is no.

configsync/tls/enable

Enables the use of TLS encryption.

If enabled, and redundancy is also enabled, a pre-shared-key must be configured for config-sync to be operational.

yes or no

The default value is no.

interface/<ip_intf>/physical

Docker Host (Linux) physical interface bound to the Solace PubSub+ IP interface.

<os interface>

interface/<ip_intf>/virtualrouter The virtual router to which the Solace PubSub+ IP interface is assigned.

static, primary or backup

The default value is static.

interface/<ip_intf>/enable Indicates whether to enable the Solace PubSub+ IP interface.

yes or no

The default value is yes.

logging/<log_facility>/output The place where a log stream is sent. For more information, see Configuring Container Logging.

file, stdout, all or none

The default value is file.

Valid values for <log_facility> are debug, command, system, event or kernel.

logging/<log_facility>/format The format of a log stream if it is sent to stdout. For more information, see Configuring Container Logging.

legacy, rfc5424, graylog or raw

The default value is legacy.

If file is specified as the log stream destination, the output is always in the legacy format.

Valid values for <log_facility> are debug, command, system, event or kernel.

logging/retentionpolicy Controls the policy by which SolOS log files will be retained. If max-size is specified, log files will be retained up to their maximum file sizes allowed by SolOS. If days is specified, log files will be retained for the number of days indicated by the logging/retentionpolicymaxnumdays key.

max-size or days.

The default value is max-size.

logging/retentionpolicymaxnumdays Applicable only when the logging/retentionpolicy key is set to days. The maximum number of days SolOS log files will be retained for. The actual number of days that log files are retained may be less than this value in the event that heavy log output is experienced.

<max-num-days> value between 2 and 90.

The default value is 30.

messagespool/maxspoolusage The maximum amount of the event broker's available message spool resources (in MB) that can be used to spool messages. For details, see Configuring Max Spool Usage. The valid range is from 0 (in which case spooling is effectively disabled) to the maximum amount of message spool disk space supported for the entire system.
messagevpn/<name>/service/amqp/port The port within the software event broker container that is used by the AMQP service associated with the <name> message VPN . <port_number>
messagevpn/<name>/service/amqp/tlsport The port that the AMQP service associated with message VPN <name> uses for TLS traffic within the software event broker container. <port_number>

This setting takes effect only if a TLS server certificate is configured.

messagevpn/<name>/service/mqtt/port The port that the MQTT service associated with message VPN <name> uses within the software event broker container. <port_number>
messagevpn/<name>/service/mqtt/tlsport The port that the MQTT service associated with message VPN <name> uses for TLS traffic within the software event broker container. <port_number>

This setting takes effect only if a TLS server certificate is configured.

messagevpn/<name>/service/mqtt/webport The port that the MQTT service associated with message VPN <name> uses over WebSockets within the software event broker container. <port_number>
messagevpn/<name>/service/mqtt/tlswebport The port that the MQTT service associated with message VPN <name> uses over WebSockets for TLS traffic within the software event broker container. <port_number>

This setting takes effect only if a TLS server certificate is configured.

messagevpn/<name>/service/rest/port The port that the REST service associated with message VPN <name> uses within the software event broker container. <port_number>
messagevpn/<name>/service/rest/tlsport The port that the REST service associated with message VPN <name> uses for TLS traffic within the software event broker container. <port_number>

This setting takes effect only if a TLS server certificate is configured.

nodetype High-availability (HA) group node type.

message_routing or monitoring

The default value is message_routing.

productkey Installs the feature associated with the specified product key. For more information, see Product Keys on Software Event Brokers . The product key associated with the required feature(s).
redundancy/activestandbyrole The active standby role of message routing nodes in a HA Group.

primary or backup

The default value is primary.

redundancy/authentication/presharedkey/key The base64-encoded key to use as the redundancy pre-shared key. <key>
redundancy/authentication/presharedkey/keyfilepath The path to the file containing the base64-encoded key to use as the redundancy pre-shared key.

<key-file-path>

Only one of either key or keyfilepath must be supplied.

Relative file paths for files containing secrets are relative to the /run/secrets directory.

redundancy/enable Enables redundancy.

yes or no

The default value is no.

redundancy/group/node/<name>/connectvia The fully qualified domain name (FQDN) or IP address (and optional port) of a node in a HA Group. <addr-port>
redundancy/group/node/<name>/nodetype High-availability (HA) group node type.

message_routing or monitoring

The default value is message_routing.

redundancy/matelink/tls/enable Enables mate-link to use TLS encryption.

yes or no

The default value is no.

redundancy/matelink/remote/port The port the mate-links connects to on the HA mate. <port>
redundancy/mate/smf/port

The port that the mate event broker uses for plain-text SMF traffic. This setting is required only when each HA mate listens on a different port.

<port_number>
redundancy/mate/smf/compressedport The port that the mate event broker uses for compressed SMF traffic. This setting is required only when each HA mate listens on a different port. <port_number>
redundancy/mate/smf/tlsport The port that the mate event broker uses for TLS/SSL SMF traffic. This setting is required only when each HA mate listens on a different port. <port_number>
routername The Solace PubSub+ router name.

<router_name>

<router_name> must be constructed using only lowercase letters and numbers from 0 to 9, especially when it is to be used to configure redundancy. The use of other characters will prevent the proper functioning of redundancy.

service/healthcheck/port The port that the health check service listens on. <port_number>
service/matelink/port The port that the matelink service listens on. <port_number>
service/ssh/port

The port used by the sshd process within the software event broker container (Corresponds to Solace PubSub+ SSH, see Default Configuration for Software Event Brokers).

<port_number>
service/semp/port The port that SEMP service uses within the software event broker container. <port_number>
service/semp/tlsport The port that the SEMP service uses for TLS traffic within the software event broker container.

<port_number>

This setting takes effect only if a TLS server certificate is configured.

service/smf/compressedport The port that the SMF service uses for compressed traffic within the software event broker container. <port_number>
service/smf/port The port that the SMF service uses within the software event broker container. <port_number>
service/smf/routingport The port that the SMF service uses for routing control traffic within the software event broker container. <port_number>
service/smf/tlsport The port that the SMF service uses for TLS traffic within the software event broker container. <port_number>

This setting takes effect only if a TLS server certificate is configured.

service/amqp/tlsport The global port used by the AMQP service for TLS traffic within the software event broker container

<port>

This setting takes effect only if a TLS server certificate is configured.

service/webtransport/port The port that the Web Transport service uses within the software event broker container. <port_number>
service/webtransport/tlsport The port that the Web Transport service uses for TLS traffic within the software event broker container. <port_number>

This setting takes effect only if a TLS server certificate is configured.

service/redundancy/firstlistenport The first three ports are used for redundancy activity election. The second and third ports are used as required. For more information, see Default Configuration for Software Event Brokers. <port_number>
system/scaling/maxconnectioncount The maximum supported number of client connections. For more information, see Maximum Number of Client Connections.

100, 1000, 10000, 100000or 200000

The default value is 100.

system/scaling/maxqueuemessagecount The maximum number of queue messages, in millions of messages. For more information, see Maximum Number of Queue Messages.

100, 240, or 3000

The default value is 100.

tls/crimeexploitprotection/enable Enable protection against the CRIME exploit for TLS+compression. For more information, see Configuring CRIME Exploit Protection yes or no

The default value is yes.

tls/servercertificate/filepath The full path to the file containing the TLS server certificate.

<filepath>

If the TLS server certificate contained in the file is encrypted, then the path to a file containing the passphrase must be provided by the tls/servercertificate/ passphrasefilepath configuration key.

Relative file paths for files containing secrets are relative to the /run/secrets directory.

tls/servercertificate/passphrasefilepath The full path to the file containing the passphrase used to decrypt an encrypted TLS server certificate.

<filepath>

Relative file paths for files containing secrets are relative to the /run/secrets directory.

username/<name>/password A plain text Solace CLI user password for username <name>.

<password>

This configuration key is only suitable for development and testing activities and is not recommended for production deployments as it is not a secure way of transferring credentials to Solace PubSub+.

username/<name>/encryptedpassword An encrypted Solace CLI user password for username <name>.

<encryptedpassword>

SHA-512 is supported.

Salt prior to hashing, and the format should be: $6$salt$hashed-password

username/<name>/globalaccesslevel Creates a Solace CLI user with username <name> and assigns the access to global access level.

none, read-only, read-write, admin. The default value is none.

username/<name>/passwordfilepath The full path to the file containing the password for username <name>.

<passwordfilepath>

Relative file paths for files containing secrets are relative to the /run/secrets directory.