Configuration Keys

A configuration key is a string that corresponds to a configuration parameter for the software broker. You can use configuration keys to set configuration parameters for the software event broker when you create a container or start a machine image. You do this by either:

passing the configuration key and its value to the container runtime at startup (for example, as a parameter to docker create)
adding the configuration key and its value to a datasource for cloud-init (for machine or cloud images)

For information about using these keys, see Initializing a Software Event Broker Container and Initializing a Machine Image using cloud-init.

The following table lists the configuration keys for the software event broker.

Configuration Key	Description	Value
bruteforceprotection/enable	Enables brute force protection. For more information, see Configuring Brute Force Protection.	`yes` or `no` The default value is `yes`.
configsync/enable	Enables Config-Sync. To synchronize the HA pair after the software event brokers are initialized with Cloud-Init, you must manually assert system-level configuration of one event broker over its mate. For more information, see Asserting Event Broker System Configurations.	`yes` or `no` The default value is `no`.
configsync/tls/enable	Enables the use of TLS encryption. If enabled, and redundancy is also enabled, a pre-shared-key must be configured for config-sync to be operational.	`yes` or `no` The default value is `no`.
interface/<ip_intf>/physical	Docker Host (Linux) physical interface bound to the Solace PubSub+ IP interface.	<os interface>
interface/<ip_intf>/virtualrouter	The virtual router to which the Solace PubSub+ IP interface is assigned.	`static`, `primary` or `backup` The default value is `static`.
interface/<ip_intf>/enable	Indicates whether to enable the Solace PubSub+ IP interface.	`yes` or `no` The default value is `yes`.
logging/<log_facility>/output	The place where a log stream is sent. For more information, see Configuring Container Logging.	`file`, `stdout`, `all` or `none` The default value is `file`. Valid values for <log_facility> are `debug`, `command`, `system`, `event` or `kernel`.
logging/<log_facility>/format	The format of a log stream if it is sent to `stdout`. For more information, see Configuring Container Logging.	`legacy`, `rfc5424`, `graylog` or `raw` The default value is `legacy`. If `file` is specified as the log stream destination, the output is always in the `legacy` format. Valid values for <log_facility> are `debug`, `command`, `system`, `event` or `kernel`.
logging/<log_facility>/messageformat	The format of syslog messages emitted from the event broker. The `messageformat` key is valid only for the event and system syslog facilities.	`text` or `json` The default value is `text`. If `json` is specified, the corresponding value of `logging/<log_facility>/format` is ignored (the format will always be `raw`). This is also true if this value is switched later via the CLI.
logging/maxjsonmessagesize	The maximum size in bytes of JSON log messages. If a remote syslog destination is configured, the syslog header is included.	<max-size> value between `1024` and `8192`. The default value is `8192`.
logging/retentionpolicy	Controls the policy by which SolOS log files will be retained. If `max-size` is specified, log files will be retained up to their maximum file sizes allowed by SolOS. If `days` is specified, log files will be retained for the number of days indicated by the `logging/retentionpolicymaxnumdays` key.	`max-size` or `days`. The default value is `max-size`.
logging/retentionpolicymaxnumdays	Applicable only when the `logging/retentionpolicy` key is set to `days`. The maximum number of days SolOS log files will be retained for. The actual number of days that log files are retained may be less than this value in the event that heavy log output is experienced.	<max-num-days> value between `2` and `90`. The default value is `30`.
messagespool/maxspoolusage	The maximum amount of the event broker's available message spool resources (in MB) that can be used to spool messages. For details, see Configuring Max Spool Usage.	The valid range is from 0 (in which case spooling is effectively disabled) to the maximum amount of message spool disk space supported for the entire system.
messagevpn/<name>/service/amqp/port	The port within the software event broker container that is used by the AMQP service associated with the <name> message VPN.	<port_number>
messagevpn/<name>/service/amqp/tlsport	The port that the AMQP service associated with message VPN <name> uses for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
messagevpn/<name>/service/mqtt/port	The port that the MQTT service associated with message VPN <name> uses within the software event broker container.	<port_number>
messagevpn/<name>/service/mqtt/tlsport	The port that the MQTT service associated with message VPN <name> uses for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
messagevpn/<name>/service/mqtt/webport	The port that the MQTT service associated with message VPN <name> uses over WebSockets within the software event broker container.	<port_number>
messagevpn/<name>/service/mqtt/tlswebport	The port that the MQTT service associated with message VPN <name> uses over WebSockets for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
messagevpn/<name>/service/rest/port	The port that the REST service associated with message VPN <name> uses within the software event broker container.	<port_number>
messagevpn/<name>/service/rest/tlsport	The port that the REST service associated with message VPN <name> uses for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
nodetype	High-availability (HA) group node type.	`message_routing` or `monitoring` The default value is `message_routing`.
productkey	Installs the feature associated with the specified product key. For more information, see Product Keys on Software Event Brokers .	The product key associated with the required feature(s).
redundancy/activestandbyrole	The active standby role of message routing nodes in a HA Group.	`primary` or `backup` The default value is `primary`.
redundancy/authentication/presharedkey/key	The base64-encoded key to use as the redundancy pre-shared key.	<key>
redundancy/authentication/presharedkey/keyfilepath	The path to the file containing the base64-encoded key to use as the redundancy pre-shared key.	<key-file-path> Only one of either `key` or `keyfilepath` must be supplied. Relative file paths for files containing secrets are relative to the `/run/secrets` directory.
redundancy/enable	Enables redundancy.	`yes` or `no` The default value is `no`.
redundancy/group/node/<name>/connectvia	The fully qualified domain name (FQDN) or IP address (and optional port) of a node in a HA Group.	<addr-port>
redundancy/group/node/<name>/nodetype	High-availability (HA) group node type.	`message_routing` or `monitoring` The default value is `message_routing`.
redundancy/matelink/tls/enable	Enables mate-link to use TLS encryption.	`yes` or `no` The default value is `no`.
redundancy/matelink/remote/port	The port the mate-links connects to on the HA mate.	<port>
redundancy/mate/smf/port	The port that the mate event broker uses for plain-text SMF traffic. This setting is required only when each HA mate listens on a different port.	<port_number>
redundancy/mate/smf/compressedport	The port that the mate event broker uses for compressed SMF traffic. This setting is required only when each HA mate listens on a different port.	<port_number>
redundancy/mate/smf/tlsport	The port that the mate event broker uses for TLS/SSL SMF traffic. This setting is required only when each HA mate listens on a different port.	<port_number>
routername	The Solace PubSub+ router name.	<router_name> <router_name> must be constructed using only lowercase letters and numbers from 0 to 9, especially when it is to be used to configure redundancy. The use of other characters will prevent the proper functioning of redundancy.
service/healthcheck/port	The port that the health check service listens on.	<port_number>
service/healthcheck/tlsport	The port that the health check service listens for TLS traffic on.	<port_number> This setting takes effect only if a TLS server certificate is configured.
service/matelink/port	The port that the matelink service listens on.	<port_number>
service/ssh/port	The port used by the `sshd` process within the software event broker container (Corresponds to Solace PubSub+ SSH, see Default Configuration for Software Event Brokers).	<port_number>
service/semp/port	The port that SEMP service uses within the software event broker container.	<port_number>
service/semp/tlsport	The port that the SEMP service uses for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
service/smf/compressedport	The port that the SMF service uses for compressed traffic within the software event broker container.	<port_number>
service/smf/port	The port that the SMF service uses within the software event broker container.	<port_number>
service/smf/routingport	The port that the SMF service uses for routing control traffic within the software event broker container.	<port_number>
service/smf/tlsport	The port that the SMF service uses for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
service/amqp/tlsport	The global port used by the AMQP service for TLS traffic within the software event broker container.	<port> This setting takes effect only if a TLS server certificate is configured.
service/webtransport/port	The port that the Web Transport service uses within the software event broker container.	<port_number>
service/webtransport/tlsport	The port that the Web Transport service uses for TLS traffic within the software event broker container.	<port_number> This setting takes effect only if a TLS server certificate is configured.
service/redundancy/firstlistenport	The first three ports are used for redundancy activity election. The second and third ports are used as required. For more information, see Default Configuration for Software Event Brokers.	<port_number>
system/scaling/maxbridgecount	The maximum supported number of VPN bridge connections. For more information, see Maximum Number of VPN Bridges.	`25`, `500`, or `5000`. The default value is `25`.
system/scaling/maxconnectioncount	The maximum supported number of client connections. For more information, see Maximum Number of Client Connections.	`100`, `1000`, `10000`, `100000`or `200000` The default value is `100`.
system/scaling/maxkafkabridgecount	The maximum supported number of Kafka bridges. For more information, see Maximum Number of Kafka Bridges.	`0`, `10`, `50`, or `200` The default value is `0`.
system/scaling/maxkafkabrokerconnectioncount	The maximum supported number of Kafka broker connections. For more information, see Maximum Number of Kafka Broker Connections.	`0`, `300`, `2000`, or `10000` The default value is `0`.
system/scaling/maxqueuemessagecount	The maximum number of queue messages, in millions of messages. For more information, see Maximum Number of Queue Messages.	`100`, `240`, or `3000` The default value is `100`.
tls/crimeexploitprotection/enable	Enable protection against the CRIME exploit for TLS+compression. For more information, see Configuring CRIME Exploit Protection.	`yes` or `no` The default value is `yes`.
tls/servercertificate/filepath	The full path to the file containing the TLS server certificate.	<filepath> If the TLS server certificate contained in the file is encrypted, then the path to a file containing the passphrase must be provided by the `tls/servercertificate/ passphrasefilepath` configuration key. Relative file paths for files containing secrets are relative to the `/run/secrets` directory.
tls/servercertificate/passphrasefilepath	The full path to the file containing the passphrase used to decrypt an encrypted TLS server certificate.	<filepath> Relative file paths for files containing secrets are relative to the `/run/secrets` directory.
username/<name>/password	A plain text Solace CLI user password for username <name>.	<password> This configuration key is only suitable for development and testing activities and is not recommended for production deployments as it is not a secure way of transferring credentials to Solace PubSub+.
username/<name>/encryptedpassword	An encrypted Solace CLI user password for username <name>.	<encryptedpassword> SHA-512 is supported. Salt prior to hashing, and the format should be: `$6$salt$hashed-password`
username/<name>/globalaccesslevel	Creates a Solace CLI user with username <name> and assigns the access to global access level.	`none`, `read-only`, `read-write`, `admin`. The default value is `none`.
username/<name>/passwordfilepath	The full path to the file containing the password for username `<name>`.	<passwordfilepath> Relative file paths for files containing secrets are relative to the `/run/secrets` directory.
webmanager/redirecthttp/enable	Enables or disables the redirection of plain text HTTP request to secure HTTPS connection when accessing Broker Manager.	`yes` or `no`
webmanager/redirecthttp/overridetlsport	The HTTPS port used to override the default SEMP HTTPS port use. When accessing Broker Manager, all HTTP requests will be redirected to specified HTTPS port. If the HTTPS port value is specified as zero (0), the configured SEMP SSL/TLS port will be used.	0 … 65535

Provide feedback