This is an automated email from the ASF dual-hosted git repository.
liuyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 56784091e78 [feature][doc] Add configs for full-support tls provider
and managed cursor compression (#15210)
56784091e78 is described below
commit 56784091e7821abe4c8fb26c2d0f060cbfc7ee0b
Author: momo-jun <[email protected]>
AuthorDate: Tue May 17 17:06:37 2022 +0800
[feature][doc] Add configs for full-support tls provider and managed cursor
compression (#15210)
---
site2/docs/reference-configuration.md | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/site2/docs/reference-configuration.md
b/site2/docs/reference-configuration.md
index c4a42240428..de89881c14b 100644
--- a/site2/docs/reference-configuration.md
+++ b/site2/docs/reference-configuration.md
@@ -152,6 +152,7 @@ Pulsar brokers are responsible for handling incoming
messages from producers, di
|brokerServicePortTls| Broker data port for TLS |6651|
|webServicePort| Port to use to server HTTP request |8080|
|webServicePortTls| Port to use to server HTTPS request |8443|
+|webServiceTlsProvider | The TLS provider for the web service. Available
values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
|webSocketServiceEnabled| Enable the WebSocket API service in broker |false|
|webSocketNumIoThreads|The number of IO threads in Pulsar Client used in
WebSocket proxy.|Runtime.getRuntime().availableProcessors()|
|webSocketConnectionsPerBroker|The number of connections per Broker in Pulsar
Client used in WebSocket proxy.|Runtime.getRuntime().availableProcessors()|
@@ -220,7 +221,7 @@ brokerServiceCompactionThresholdInBytes|If the estimated
backlog size is greater
|tlsProtocols|Specify the tls protocols the broker will use to negotiate
during TLS Handshake. Multiple values can be specified, separated by commas.
Example:- ```TLSv1.3```, ```TLSv1.2``` ||
|tlsCiphers|Specify the tls cipher the broker will use to negotiate during TLS
Handshake. Multiple values can be specified, separated by commas. Example:-
```TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256```||
|tlsEnabledWithKeyStore| Enable TLS with KeyStore type configuration in broker
|false|
-|tlsProvider| TLS Provider for KeyStore type ||
+|tlsProvider| The TLS provider for the broker service. <br />When TLS
authentication with CACert is used, the valid value is either `OPENSSL` or
`JDK`.<br />When TLS authentication with KeyStore is used, available options
can be `SunJSSE`, `Conscrypt` and so on. | N/A
|tlsKeyStoreType| LS KeyStore type configuration in broker: JKS, PKCS12 |JKS|
|tlsKeyStore| TLS KeyStore path in broker ||
|tlsKeyStorePassword| TLS KeyStore password for broker ||
@@ -246,7 +247,7 @@ brokerServiceCompactionThresholdInBytes|If the estimated
backlog size is greater
|maxUnackedMessagesPerConsumer| Max number of unacknowledged messages allowed
to receive messages by a consumer on a shared subscription. Broker will stop
sending messages to consumer once, this limit reaches until consumer starts
acknowledging messages back. Using a value of 0, is disabling unackeMessage
limit check and consumer can receive messages without any restriction |50000|
|maxUnackedMessagesPerSubscription| Max number of unacknowledged messages
allowed per shared subscription. Broker will stop dispatching messages to all
consumers of the subscription once this limit reaches until consumer starts
acknowledging messages back and unack count reaches to limit/2. Using a value
of 0, is disabling unackedMessage-limit check and dispatcher can dispatch
messages without any restriction |200000|
|subscriptionRedeliveryTrackerEnabled| Enable subscription message redelivery
tracker |true|
-|subscriptionExpirationTimeMinutes | How long to delete inactive subscriptions
from last consuming. <br/><br/>Setting this configuration to a value **greater
than 0** deletes inactive subscriptions automatically.<br/>Setting this
configuration to **0** does not delete inactive subscriptions automatically.
<br/><br/> Since this configuration takes effect on all topics, if there is
even one topic whose subscriptions should not be deleted automatically, you
need to set it to 0. <br/>Instead [...]
+|subscriptionExpirationTimeMinutes | How long to delete inactive subscriptions
from last consuming. <br /><br />Setting this configuration to a value
**greater than 0** deletes inactive subscriptions automatically.<br />Setting
this configuration to **0** does not delete inactive subscriptions
automatically. <br /><br /> Since this configuration takes effect on all
topics, if there is even one topic whose subscriptions should not be deleted
automatically, you need to set it to 0. <br />I [...]
|maxConcurrentLookupRequest| Max number of concurrent lookup request broker
allows to throttle heavy incoming lookup traffic |50000|
|maxConcurrentTopicLoadRequest| Max number of concurrent topic loading request
broker allows to control number of zk-operations |5000|
|authenticationEnabled| Enable authentication |false|
@@ -386,6 +387,7 @@ brokerServiceCompactionThresholdInBytes|If the estimated
backlog size is greater
| enableExposingBrokerEntryMetadataToClient|Whether to expose broker entry
metadata to client or not.<br /><br />Available
values:<li>true</li><li>false</li><br />Example<br
/>enableExposingBrokerEntryMetadataToClient=true | false |
| metricsBufferResponse | The configuration is for those broker which there
are more than one metrics system access the `/metrics` endpoint. For the
purpose of reduce `CPU` and `Memory` usage, metrics data will be generated once
in the interval(`managedLedgerStatsPeriodSeconds`) and it will be cached, all
`/metrics` requests in the `interval` will return same metrics | false |
| strictBookieAffinityEnabled | Enable or disable the strict bookie isolation
strategy. If enabled, <br /> - `bookie-ensemble` first tries to choose bookies
that belong to a namespace's affinity group. If the number of bookies is not
enough, then the rest bookies are chosen. <br /> - If namespace has no affinity
group, `bookie-ensemble` only chooses bookies that belong to no region. If the
number of bookies is not enough, `BKNotEnoughBookiesException` is thrown.|
false |
+|managedCursorInfoCompressionType | The compression type of managed cursor
information. <br />Available options are `NONE`, `LZ4`, `ZLIB`, `ZSTD`, and
`SNAPPY`). <br />If this value is `NONE`, managed cursor information is not
compressed. | NONE
#### Deprecated parameters of Broker
@@ -482,6 +484,7 @@ You can set the log level and configuration in the
[log4j2.yaml](https://github
|configurationMetadataStoreUrl| Configuration store connection string (as a
comma-separated list) ||
|brokerServicePort| The port on which the standalone broker listens for
connections |6650|
|webServicePort| The port used by the standalone broker for HTTP requests
|8080|
+|webServiceTlsProvider | The TLS provider for the web service. Available
values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
|bindAddress| The hostname or IP address on which the standalone service binds
|0.0.0.0|
|bindAddresses| Additional Hostname or IP addresses the service binds on:
`listener_name:scheme://host:port,...`. ||
|advertisedAddress| The hostname or IP address that the standalone service
advertises to the outside world. If not set, the value of
`InetAddress.getLocalHost().getHostName()` is used. ||
@@ -569,7 +572,7 @@ You can set the log level and configuration in the
[log4j2.yaml](https://github
| tlsCiphers | Specify the TLS cipher the broker uses to negotiate during TLS
Handshake. | |
| tlsRequireTrustedClientCertOnConnect | Trusted client certificates are
required for to connect TLS. Reject the Connection if the client certificate is
not trusted. In effect, this requires that all connecting clients perform TLS
client authentication. | false |
| tlsEnabledWithKeyStore | Enable TLS with KeyStore type configuration in
broker. | false |
-| tlsProvider | TLS Provider for KeyStore type. | |
+|tlsProvider| The TLS provider for the broker service. <br />When TLS
authentication with CACert is used, the valid value is either `OPENSSL` or
`JDK`.<br />When TLS authentication with KeyStore is used, available options
can be `SunJSSE`, `Conscrypt` and so on. | N/A
| tlsKeyStoreType | TLS KeyStore type configuration in the broker.<li>JKS
<li>PKCS12 |JKS|
| tlsKeyStore | TLS KeyStore path in the broker. | |
| tlsKeyStorePassword | TLS KeyStore password for the broker. | |
@@ -717,6 +720,8 @@ You can set the log level and configuration in the
[log4j2.yaml](https://github
|isAllowAutoUpdateSchemaEnabled|Allow schema to be auto updated at broker
level.|true|
|schemaCompatibilityStrategy| The schema compatibility strategy at broker
level, see
[here](schema-evolution-compatibility.md#schema-compatibility-check-strategy)
for available values.|FULL|
|systemTopicSchemaCompatibilityStrategy| The schema compatibility strategy is
used for system topics, see
[here](schema-evolution-compatibility.md#schema-compatibility-check-strategy)
for available values.|ALWAYS_COMPATIBLE|
+|managedCursorInfoCompressionType | The compression type of managed cursor
information. <br />Available options are `NONE`, `LZ4`, `ZLIB`, `ZSTD`, and
`SNAPPY`). <br />If this value is `NONE`, managed cursor information is not
compressed. | NONE
+
#### Deprecated parameters of standalone Pulsar
The following parameters have been deprecated in the `conf/standalone.conf`
file.
@@ -756,6 +761,8 @@ The following parameters have been deprecated in the
`conf/standalone.conf` file
|tlsCertificateFilePath|||
|tlsKeyFilePath |||
|tlsTrustCertsFilePath|||
+|tlsProvider | The TLS provider for websocket. Available values: `SunJSSE`,
`Conscrypt`, and so on. | Conscrypt |
+
#### Deprecated parameters of WebSocket
The following parameters have been deprecated in the `conf/websocket.conf`
file.
@@ -810,6 +817,7 @@ The [Pulsar
proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
|tlsRequireTrustedClientCertOnConnect| Whether client certificates are
required for TLS. Connections are rejected if the client certificate isn’t
trusted. |false|
|tlsProtocols|Specify the tls protocols the broker will use to negotiate
during TLS Handshake. Multiple values can be specified, separated by commas.
Example:- ```TLSv1.3```, ```TLSv1.2``` ||
|tlsCiphers|Specify the tls cipher the broker will use to negotiate during TLS
Handshake. Multiple values can be specified, separated by commas. Example:-
```TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256```||
+|tlsProvider| The TLS provider for the broker service. <br />When TLS
authentication with CACert is used, the valid value is either `OPENSSL` or
`JDK`.<br />When TLS authentication with KeyStore is used, available options
can be `SunJSSE`, `Conscrypt` and so on. | N/A
| httpReverseProxyConfigs | HTTP directs to redirect to non-pulsar services | |
| httpOutputBufferSize | HTTP output buffer size. The amount of data that will
be buffered for HTTP requests before it is flushed to the channel. A larger
buffer size may result in higher HTTP throughput though it may take longer for
the client to see data. If using HTTP streaming via the reverse proxy, this
should be set to the minimum value (1) so that clients see the data as soon as
possible. | 32768 |
| httpNumThreads | Number of threads to use for HTTP requests processing| 2 *
Runtime.getRuntime().availableProcessors() |
@@ -822,6 +830,8 @@ The [Pulsar
proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
|haProxyProtocolEnabled | Enable or disable the
[HAProxy](http://www.haproxy.org/) protocol. |false|
| numIOThreads | Number of threads used for Netty IO. | 2 *
Runtime.getRuntime().availableProcessors() |
| numAcceptorThreads | Number of threads used for Netty Acceptor. | 1 |
+|webServiceTlsProvider | The TLS provider for the web service. Available
values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
+
#### Deprecated parameters of Pulsar proxy
The following parameters have been deprecated in the `conf/proxy.conf` file.
