This is an automated email from the ASF dual-hosted git repository.

zhaijia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 6a4c512   configure reference doc (#7491)
6a4c512 is described below

commit 6a4c512171bf7195e8ca749e51c15bd4499fb7e6
Author: HuanliMeng <[email protected]>
AuthorDate: Fri Jul 10 09:52:49 2020 +0800

     configure reference doc (#7491)
    
    Motivation
    This doc PR is updated for configurations for PRs:
    #6716
    #6853
    #6074
    
    1: The broker configuration (for #6716) is updated by Jia Zhai.
    
    2: Add other supported configurations to the client, standalone and proxy 
configuration docs based on the client.config, standalone.config and 
proxy.config files.
    
    Modifications
    1: Add TLS with keystore type config in standalone and proxy configuration 
file.
    2: update reference > pulsar configuration > client for PIP-55: Refresh 
Authentication Credentials
    Add other supported configurations to the standalone and proxy configuration 
files based on the standalone.config and proxy.config files.
---
 site2/docs/reference-configuration.md | 131 ++++++++++++++++++++++++++++++++--
 1 file changed, 126 insertions(+), 5 deletions(-)

diff --git a/site2/docs/reference-configuration.md 
b/site2/docs/reference-configuration.md
index 3b0ef40..5451d76 100644
--- a/site2/docs/reference-configuration.md
+++ b/site2/docs/reference-configuration.md
@@ -184,6 +184,7 @@ subscriptionExpirationTimeMinutes | How long to delete 
inactive subscriptions fr
 |maxConcurrentTopicLoadRequest| Max number of concurrent topic loading request 
broker allows to control number of zk-operations |5000|
 |authenticationEnabled| Enable authentication |false|
 |authenticationProviders| Autentication provider name list, which is comma 
separated list of class names  ||
+| authenticationRefreshCheckSeconds | Interval of time for checking for 
expired authentication credentials | 60s |
 |authorizationEnabled|  Enforce authorization |false|
 |superUserRoles|  Role names that are treated as “super-user”, meaning they 
will be able to do all admin operations and publish/consume from all topics ||
 |brokerClientAuthenticationPlugin|  Authentication settings of the broker 
itself. Used when the broker connects to other brokers, either in same or other 
clusters  ||
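
Review bot: the default for `authenticationRefreshCheckSeconds` is written as `60s`, but the key name already carries the unit and the neighbouring numeric defaults (for example `5000` on `maxConcurrentTopicLoadRequest`) are bare numbers. Write `60` so the value can be copied into the configuration file as shown. The description would also be more useful if it said what the broker does with a connection once the check finds expired credentials.
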
@@ -286,7 +287,13 @@ The 
[`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool can be used
 |authParams|  The authentication parameters for the cluster, as a 
comma-separated string. ||
 |useTls|  Whether or not TLS authentication will be enforced in the cluster.  
|false|
 |tlsAllowInsecureConnection|||
+| tlsAllowInsecureConnection | Allow TLS connections to servers whose 
certificate cannot be verified to have been signed by a trusted certificate 
authority. | false |
+| tlsEnableHostnameVerification | Whether the server hostname must match the 
common name of the certificate that is used by the server. | false |
 |tlsTrustCertsFilePath|||
+| useKeyStoreTls | Enable TLS with KeyStore type configuration in the broker. 
| false |
+| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS <li>PKCS12 
|JKS|
+| tlsTrustStore | TLS TrustStore path. | |
+| tlsTrustStorePassword | TLS TrustStore password. | |
 
 
 ## Service discovery
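
Review bot: the new `tlsAllowInsecureConnection` row is added directly below the existing empty row `|tlsAllowInsecureConnection|||`, which stays in place as context, so the client table ends up listing the key twice. Replace the empty row instead of adding a second one; the empty `|tlsTrustCertsFilePath|||` row just below could be filled in the same pass. Separately, `useKeyStoreTls` is described as "in the broker" although this is the client table, and the `tlsEnableHostnameVerification` row should say that with the default `false` the server name is not checked against the certificate.
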
@@ -366,7 +373,10 @@ The 
[`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool can be used
 |webServicePort|  THe port used by the standalone broker for HTTP requests  
|8080|
 |bindAddress| The hostname or IP address on which the standalone service binds 
 |0.0.0.0|
 |advertisedAddress| The hostname or IP address that the standalone service 
advertises to the outside world. If not set, the value of 
`InetAddress.getLocalHost().getHostName()` is used.  ||
+| numIOThreads | Number of threads to use for Netty IO | 2 * 
Runtime.getRuntime().availableProcessors() |
+| numHttpServerThreads | Number of threads to use for HTTP requests processing 
| 2 * Runtime.getRuntime().availableProcessors()|
 |clusterName| The name of the cluster that this broker belongs to. |standalone|
+| failureDomainsEnabled | Enable cluster's failure-domain which can distribute 
brokers into logical region. | false |
 |zooKeeperSessionTimeoutMillis| The ZooKeeper session timeout, in 
milliseconds. |30000|
 |brokerShutdownTimeoutMs| The time to wait for graceful broker shutdown. After 
this time elapses, the process will be killed. |60000|
 |skipBrokerShutdownOnOOM| Flag to skip broker shutdown when broker handles Out 
of memory error. |false|
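
Review bot: the defaults for `numIOThreads` and `numHttpServerThreads` are the bare expression `2 * Runtime.getRuntime().availableProcessors()`, while the `advertisedAddress` row in the same table puts its Java expression in backticks. Wrap both in backticks for consistency and so the `*` is never taken as Markdown emphasis. In the `failureDomainsEnabled` row, "distribute brokers into logical region" reads better as "into logical regions".
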
@@ -376,21 +386,86 @@ The 
[`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool can be used
 |ttlDurationDefaultInSeconds|  The default ttl for namespaces if ttl is not 
configured at namespace policies.  |0|
 |brokerDeleteInactiveTopicsEnabled| Enable the deletion of inactive topics. 
|true|
 |brokerDeleteInactiveTopicsFrequencySeconds|  How often to check for inactive 
topics, in seconds. |60|
+| maxPendingPublishdRequestsPerConnection | Maximum pending publish requests 
per connection to avoid keeping large number of pending requests in memory | 
1000|
 |messageExpiryCheckIntervalInMinutes| How often to proactively check and 
purged expired messages. |5|
 |activeConsumerFailoverDelayTimeMillis| How long to delay rewinding cursor and 
dispatching messages when active consumer is changed.  |1000|
+| subscriptionExpirationTimeMinutes | How long to delete inactive 
subscriptions from last consumption. When it is set to 0, inactive 
subscriptions are not deleted automatically | 0 |
+| subscriptionRedeliveryTrackerEnabled | Enable subscription message 
redelivery tracker to send redelivery count to consumer. | true |
+| subscriptionKeySharedUseConsistentHashing | In the Key_Shared subscription 
mode, with default AUTO_SPLIT mode, use splitting ranges or consistent hashing 
to reassign keys to new consumers. | false |
+| subscriptionKeySharedConsistentHashingReplicaPoints | In the Key_Shared 
subscription mode, the number of points in the consistent-hashing ring. The 
greater the number, the more equal the assignment of keys to consumers. | 100 |
+| subscriptionExpiryCheckIntervalInMinutes | How frequently to proactively 
check and purge expired subscription |5 |
+| brokerDeduplicationEnabled | Set the default behavior for message 
deduplication in the broker. This can be overridden per-namespace. If it is 
enabled, the broker rejects messages that are already stored in the topic. | 
false |
+| brokerDeduplicationMaxNumberOfProducers | Maximum number of producer 
information that it's going to be persisted for deduplication purposes | 10000 |
+| brokerDeduplicationEntriesInterval | Number of entries after which a 
deduplication information snapshot is taken. A greater interval leads to less 
snapshots being taken though it would increase the topic recovery time, when 
the entries published after the snapshot need to be replayed. | 1000 |
+| brokerDeduplicationProducerInactivityTimeoutMinutes | The time of inactivity 
(in minutes) after which the broker discards deduplication information related 
to a disconnected producer. | 360 |
+| defaultNumberOfNamespaceBundles | When a namespace is created without 
specifying the number of bundles, this value is used as the default setting.| 4 
|
 |clientLibraryVersionCheckEnabled|  Enable checks for minimum allowed client 
library version. |false|
 |clientLibraryVersionCheckAllowUnversioned| Allow client libraries with no 
version information  |true|
 |statusFilePath|  The path for the file used to determine the rotation status 
for the broker when responding to service discovery health checks 
|/usr/local/apache/htdocs|
 |maxUnackedMessagesPerConsumer| The maximum number of unacknowledged messages 
allowed to be received by consumers on a shared subscription. The broker will 
stop sending messages to a consumer once this limit is reached or until the 
consumer begins acknowledging messages. A value of 0 disables the unacked 
message limit check and thus allows consumers to receive messages without any 
restrictions. |50000|
 |maxUnackedMessagesPerSubscription| The same as above, except per subscription 
rather than per consumer.  |200000|
+| maxUnackedMessagesPerBroker | Maximum number of unacknowledged messages 
allowed per broker. Once this limit reaches, the broker stops dispatching 
messages to all shared subscriptions which has a higher number of 
unacknowledged messages until subscriptions start acknowledging messages back 
and unacknowledged messages count reaches to limit/2. When the value is set to 
0, unacknowledged message limit check is disabled and broker does not block 
dispatchers. | 0 |
+| maxUnackedMessagesPerSubscriptionOnBrokerBlocked | Once the broker reaches 
maxUnackedMessagesPerBroker limit, it blocks subscriptions which have higher 
unacknowledged messages than this percentage limit and subscription does not 
receive any new messages until that subscription acknowledges messages back. | 
0.16 |
 |maxNumPartitionsPerPartitionedTopic|Max number of partitions per partitioned 
topic. Use 0 or negative number to disable the check|0|
+| topicPublisherThrottlingTickTimeMillis | Tick time to schedule task that 
checks topic publish rate limiting across all topics. A lower value can give 
more accuracy while throttling publish but it uses more CPU to perform frequent 
check. When the value is set to 0, publish throttling is disabled. | 2|
+| brokerPublisherThrottlingTickTimeMillis | Tick time to schedule task that 
checks broker publish rate limiting across all topics. A lower value can give 
more accuracy while throttling publish but it uses more CPU to perform frequent 
check. When the value is set to 0, publish throttling is disabled. |50 |
+| brokerPublisherThrottlingMaxMessageRate | Maximum rate (in 1 second) of 
messages allowed to publish for a broker if the message rate limiting is 
enabled. When the value is set to 0, message rate limiting is disabled. | 0|
+| brokerPublisherThrottlingMaxByteRate | Maximum rate (in 1 second) of bytes 
allowed to publish for a broker if the  byte rate limiting is enabled. When the 
value is set to 0, the byte rate limiting is disabled. | 0 |
+| dispatchThrottlingRatePerTopicInMsg | Default messages (per second) dispatch 
throttling-limit for every topic. When the value is set to 0, default message 
dispatch throttling-limit is disabled. |0 |
+| dispatchThrottlingRatePerTopicInByte | Default byte (per second) dispatch 
throttling-limit for every topic. When the value is set to 0, default byte 
dispatch throttling-limit is disabled. | 0|
+| dispatchThrottlingRateRelativeToPublishRate | Enable dispatch rate-limiting 
relative to publish rate. | false |
+| dispatchThrottlingOnNonBacklogConsumerEnabled | Enable dispatch-throttling 
for both caught up consumers as well as consumers who have backlogs. | true |
+| preciseDispatcherFlowControl | Precise dispathcer flow control according to 
history message number of each entry. | false |
+| maxConcurrentLookupRequest | Maximum number of concurrent lookup request 
that the broker allows to throttle heavy incoming lookup traffic. | 50000 |
+| maxConcurrentTopicLoadRequest | Maximum number of concurrent topic loading 
request that the broker allows to control the number of zk-operations. | 5000 |
+| maxConcurrentNonPersistentMessagePerConnection | Maximum number of 
concurrent non-persistent message that can be processed per connection. | 1000 |
+| numWorkerThreadsForNonPersistentTopic | Number of worker threads to serve 
non-persistent topic. | 8 |
+| enablePersistentTopics | Enable broker to load persistent topics. | true |
+| enableNonPersistentTopics | Enable broker to load non-persistent topics. | 
true |
+| maxProducersPerTopic | Maximum number of producers allowed to connect to 
topic. Once this limit reaches, the broker rejects new producers until the 
number of connected producers decreases. When the value is set to 0, 
maxProducersPerTopic-limit check is disabled. | 0 |
+| maxConsumersPerTopic | Maximum number of consumers allowed to connect to 
topic. Once this limit reaches, the broker rejects new consumers until the 
number of connected consumers decreases. When the value is set to 0, 
maxConsumersPerTopic-limit check is disabled. | 0 |
+| maxConsumersPerSubscription | Maximum number of consumers allowed to connect 
to subscription. Once this limit reaches, the broker rejects new consumers 
until the number of connected consumers decreases. When the value is set to 0, 
maxConsumersPerSubscription-limit check is disabled. | 0 |
+| maxNumPartitionsPerPartitionedTopic | Maximum number of partitions per 
partitioned topic. When the value is set to a negative number or is set to 0, 
the check is disabled. | 0 |
+| tlsCertRefreshCheckDurationSec | TLS certificate refresh duration in 
seconds. When the value is set to 0, check the TLS certificate on every new 
connection. | 300 |
+| tlsCertificateFilePath | Path for the TLS certificate file. | |
+| tlsKeyFilePath | Path for the TLS private key file. | |
+| tlsTrustCertsFilePath | Path for the trusted TLS certificate file.| |
+| tlsAllowInsecureConnection | Accept untrusted TLS certificate from the 
client. If it is set to true, a client with a certificate which cannot be 
verified with the 'tlsTrustCertsFilePath' certificate is allowed to connect to 
the server, though the certificate is not be used for client authentication. | 
false |
+| tlsProtocols | Specify the TLS protocols the broker uses to negotiate during 
TLS handshake. | |
+| tlsCiphers | Specify the TLS cipher the broker uses to negotiate during TLS 
Handshake. | |
+| tlsRequireTrustedClientCertOnConnect | Trusted client certificates are 
required for to connect TLS. Reject the Connection if the client certificate is 
not trusted. In effect, this requires that all connecting clients perform TLS 
client authentication. | false |
+| tlsEnabledWithKeyStore | Enable TLS with KeyStore type configuration in 
broker. | false |
+| tlsProvider | TLS Provider for KeyStore type. | |
+| tlsKeyStoreType | TLS KeyStore type configuration in the broker.<li>JKS 
<li>PKCS12 |JKS|
+| tlsKeyStore | TLS KeyStore path in the broker. | |
+| tlsKeyStorePassword | TLS KeyStore password for the broker. | |
+| tlsTrustStoreType | TLS TrustStore type configuration in the broker<li>JKS 
<li>PKCS12 |JKS|
+| tlsTrustStore | TLS TrustStore path in the broker. | |
+| tlsTrustStorePassword | TLS TrustStore password for the broker. | |
+| brokerClientTlsEnabledWithKeyStore | Configure whether the internal client 
uses the KeyStore type to authenticate with Pulsar brokers. | false |
+| brokerClientSslProvider | The TLS Provider used by the internal client to 
authenticate with other Pulsar brokers. | |
+| brokerClientTlsTrustStoreType | TLS TrustStore type configuration for the 
internal client to authenticate with Pulsar brokers. <li>JKS <li>PKCS12 | JKS |
+| brokerClientTlsTrustStore | TLS TrustStore path for the internal client to 
authenticate with Pulsar brokers. | |
+| brokerClientTlsTrustStorePassword | TLS TrustStore password for the internal 
client to authenticate with Pulsar brokers. | |
+| brokerClientTlsCiphers | Specify the TLS cipher that the internal client 
uses to negotiate during TLS Handshake. | |
+| brokerClientTlsProtocols | Specify the TLS protocols that the broker uses to 
negotiate during TLS handshake. |
+| systemTopicEnabled | Enable/Disable system topics. | false |
+| topicLevelPoliciesEnabled | Enable or disable topic level policies. Topic 
level policies depends on the system topic. Please enable the system topic 
first. | false |
+| proxyRoles | Role names that are treated as "proxy roles". If the broker 
sees a request with role as proxyRoles, it demands to see a valid original 
principal. | |
+| authenticateOriginalAuthData | If this flag is set, the broker authenticates 
the original Auth data. Otherwise, it just accepts the originalPrincipal and 
authorizes it (if required). | false |
 |authenticationEnabled| Enable authentication for the broker. |false|
 |authenticationProviders| A comma-separated list of class names for 
authentication providers. |false|
 |authorizationEnabled|  Enforce authorization in brokers. |false|
-|superUserRoles|  Role names that are treated as “superusers.” Superusers are 
authorized to perform all admin tasks. ||
-|brokerClientAuthenticationPlugin|  The authentication settings of the broker 
itself. Used when the broker connects to other brokers either in the same 
cluster or from other clusters. ||
-|brokerClientAuthenticationParameters|  The parameters that go along with the 
plugin specified using brokerClientAuthenticationPlugin.  ||
-|athenzDomainNames| Supported Athenz authentication provider domain names as a 
comma-separated list.  ||
+| authorizationProvider | Authorization provider fully qualified class-name. | 
org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider |
+| authorizationAllowWildcardsMatching | Allow wildcard matching in 
authorization. Wildcard matching is applicable only when the wildcard-character 
(*) presents at the **first** or **last** position. | false |
+|superUserRoles|  Role names that are treated as “superusers.” Superusers are 
authorized to perform all admin tasks. | |
+|brokerClientAuthenticationPlugin|  The authentication settings of the broker 
itself. Used when the broker connects to other brokers either in the same 
cluster or from other clusters. | |
+|brokerClientAuthenticationParameters|  The parameters that go along with the 
plugin specified using brokerClientAuthenticationPlugin.  | |
+|athenzDomainNames| Supported Athenz authentication provider domain names as a 
comma-separated list.  | |
+| anonymousUserRole | When this parameter is not empty, unauthenticated users 
perform as anonymousUserRole. | |
+|tokenAuthClaim| Specify the token claim that will be used as the 
authentication "principal" or "role". The "subject" field will be used if this 
is left blank ||
+|tokenAudienceClaim| The token audience "claim" name, e.g. "aud". It is used 
to get the audience from token. If it is not set, the audience is not verified. 
||
+| tokenAudience | The token audience stands for this broker. The field 
`tokenAudienceClaim` of a valid token need contains this parameter.| |
 |exposePreciseBacklogInPrometheus| Enable expose the precise backlog stats, 
set false to use published counter and consumed counter to calculate, this 
would be more efficient but may be inaccurate. |false|
 |bookkeeperClientAuthenticationPlugin|  Authentication plugin to be used when 
connecting to bookies (BookKeeper servers). ||
 |bookkeeperClientAuthenticationParametersName|  BookKeeper authentication 
plugin implementation parameters and values.  ||
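
Review bot: the `brokerClientTlsProtocols` row ends after the description with a single `|`, so it has two cells where every other row has three, and it has no default column. Add the empty default cell (`| |`), and change "the broker uses" to "the internal client uses" to match the `brokerClientTlsCiphers` row above it. Two more points in this hunk: the added `maxNumPartitionsPerPartitionedTopic` row duplicates the existing row for the same key that is kept as context a few lines earlier, and the `tlsAllowInsecureConnection` description has "is not be used", which should read "is not used".
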
@@ -407,9 +482,23 @@ The 
[`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool can be used
 |bookkeeperClientIsolationGroups|||
 |bookkeeperClientSecondaryIsolationGroups| Enable bookie secondary-isolation 
group if bookkeeperClientIsolationGroups doesn't have enough bookie available.  
||
 |bookkeeperClientMinAvailableBookiesInIsolationGroups| Minimum bookies that 
should be available as part of bookkeeperClientIsolationGroups else broker will 
include bookkeeperClientSecondaryIsolationGroups bookies in isolated list.  ||
+| bookkeeperTLSProviderFactoryClass | Set the client security provider factory 
class name. | org.apache.bookkeeper.tls.TLSContextFactory |
+| bookkeeperTLSClientAuthentication | Enable TLS authentication with bookie. | 
false |
+| bookkeeperTLSKeyFileType | Supported type: PEM, JKS, PKCS12.  | PEM |
+| bookkeeperTLSTrustCertTypes | Supported type: PEM, JKS, PKCS12.  | PEM |
+| bookkeeperTLSKeyStorePasswordPath | Path to file containing keystore 
password, if the client keystore is password protected. | | 
bookkeeperTLSTrustStorePasswordPath | Path to file containing truststore 
password, if the client truststore is password protected. | |
+| bookkeeperTLSKeyFilePath | Path for the TLS private key file. | |
+| bookkeeperTLSCertificateFilePath | Path for the TLS certificate file. | |
+| bookkeeperTLSTrustCertsFilePath | Path for the trusted TLS certificate file. 
| |
+| bookkeeperDiskWeightBasedPlacementEnabled | Enable/Disable disk weight based 
placement. | false |
+| bookkeeperExplicitLacIntervalInMills | Set the interval to check the need 
for sending an explicit LAC. When the value is set to 0, no explicit LAC is 
sent. | 0 |
+| bookkeeperClientExposeStatsToPrometheus | Expose BookKeeper client managed 
ledger stats to Prometheus. | false |
 |managedLedgerDefaultEnsembleSize|    |1|
 |managedLedgerDefaultWriteQuorum|   |1|
 |managedLedgerDefaultAckQuorum|   |1|
+| managedLedgerDigestType | Default type of checksum to use when writing to 
BookKeeper. | CRC32C |
+| managedLedgerNumWorkerThreads | Number of threads to be used for managed 
ledger tasks dispatching. | 4 |
+| managedLedgerNumSchedulerThreads | Number of threads to be used for managed 
ledger scheduled tasks. | 4 |
 |managedLedgerCacheSizeMB|    |1024|
 |managedLedgerCacheCopyEntries| Whether we should make a copy of the entry 
payloads when inserting in cache| false|
 |managedLedgerCacheEvictionWatermark|   |0.9|
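
Review bot: the `bookkeeperTLSTrustStorePasswordPath` entry has no `+|` line start of its own; it continues on the same added line as `bookkeeperTLSKeyStorePasswordPath`, so the two keys render as one malformed row with five cells. Put `| bookkeeperTLSTrustStorePasswordPath | ... | |` on its own line. The `bookkeeperTLSKeyFileType` and `bookkeeperTLSTrustCertTypes` rows only list the supported types; a short sentence saying what each key selects would make them usable without reading the source.
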
@@ -423,7 +512,16 @@ The 
[`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool can be used
 |managedLedgerMaxLedgerRolloverTimeMinutes|   |240|
 |managedLedgerCursorMaxEntriesPerLedger|    |50000|
 |managedLedgerCursorRolloverTimeInSeconds|    |14400|
+| managedLedgerMaxSizePerLedgerMbytes | Maximum ledger size before triggering 
a rollover for a topic. | 2048 MB|
+| managedLedgerMaxUnackedRangesToPersist | Maximum number of "acknowledgment 
holes" that are going to be persistently stored. When acknowledging out of 
order, a consumer leaves holes that are supposed to be quickly filled by 
acknowledging all the messages. The information of which messages are 
acknowledged is persisted by compressing in "ranges" of messages that were 
acknowledged. After the max number of ranges is reached, the information is 
only tracked in memory and messages are redeli [...]
+| managedLedgerMaxUnackedRangesToPersistInZooKeeper | Maximum number of 
"acknowledgment holes" that can be stored in Zookeeper. If the number of 
unacknowledged message range is higher than this limit, the broker persists 
unacknowledged ranges into bookkeeper to avoid additional data overhead into 
Zookeeper. | 1000 |
 |autoSkipNonRecoverableData|    |false|
+| managedLedgerMetadataOperationsTimeoutSeconds | Operation timeout while 
updating managed-ledger metadata. | 60 |
+| managedLedgerReadEntryTimeoutSeconds | Read entries timeout when the broker 
tries to read messages from BookKeeper. | 0 |
+| managedLedgerAddEntryTimeoutSeconds | Add entry timeout when the broker 
tries to publish message to BookKeeper. | 0 |
+| managedLedgerNewEntriesCheckDelayInMillis | New entries check delay for the 
cursor under the managed ledger. If no new messages in the topic, the cursor 
tries to check again after the delay time. For consumption latency sensitive 
scenario, you can set the value to a smaller value or 0. Of course, a smaller 
value may degrade consumption throughput.|10 ms|
+| managedLedgerPrometheusStatsLatencyRolloverSeconds | Managed ledger 
prometheus stats latency rollover seconds.  | 60s |
+| managedLedgerTraceTaskExecution | Whether to trace managed ledger task 
execution time. | true |
 |loadBalancerEnabled|   |false|
 |loadBalancerPlacementStrategy|   |weightedRandomSelection|
 |loadBalancerReportUpdateThresholdPercentage|   |10|
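
Review bot: the default column in this hunk mixes units into values whose key names already carry them: `2048 MB` for `managedLedgerMaxSizePerLedgerMbytes`, `10 ms` for `managedLedgerNewEntriesCheckDelayInMillis` and `60s` for `managedLedgerPrometheusStatsLatencyRolloverSeconds`, while `managedLedgerMetadataOperationsTimeoutSeconds` in the same hunk uses the bare `60`. Use bare numbers throughout so the documented default matches what goes into the configuration file. The description of `managedLedgerPrometheusStatsLatencyRolloverSeconds` only restates the key name and should say what the rollover interval controls.
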
@@ -437,14 +535,24 @@ The 
[`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool can be used
 |loadBalancerResourceQuotaUpdateIntervalMinutes|    |15|
 |loadBalancerBrokerComfortLoadLevelPercentage|    |65|
 |loadBalancerAutoBundleSplitEnabled|    |false|
+| loadBalancerAutoUnloadSplitBundlesEnabled | Enable/Disable automatic 
unloading of split bundles. | true |
 |loadBalancerNamespaceBundleMaxTopics|    |1000|
 |loadBalancerNamespaceBundleMaxSessions|    |1000|
 |loadBalancerNamespaceBundleMaxMsgRate|   |1000|
 |loadBalancerNamespaceBundleMaxBandwidthMbytes|   |100|
 |loadBalancerNamespaceMaximumBundles|   |128|
+| loadBalancerBrokerThresholdShedderPercentage | The broker resource usage 
threshold. When the broker resource usage is greater than the pulsar cluster 
average resource usage, the threshold shedder is triggered to offload bundles 
from the broker. It only takes effect in the ThresholdSheddler strategy. | 10 |
+| loadBalancerHistoryResourcePercentage | The history usage when calculating 
new resource usage. It only takes effect in the ThresholdSheddler strategy. | 
0.9 |
+| loadBalancerBandwithInResourceWeight | The BandWithIn usage weight when 
calculating new resource usage. It only takes effect in the ThresholdSheddler 
strategy. | 1.0 |
+| loadBalancerBandwithOutResourceWeight | The BandWithOut usage weight when 
calculating new resource usage. It only takes effect in the ThresholdSheddler 
strategy. | 1.0 |
+| loadBalancerCPUResourceWeight | The CPU usage weight when calculating new 
resource usage. It only takes effect in the ThresholdSheddler strategy. | 1.0 |
+| loadBalancerMemoryResourceWeight | The heap memory usage weight when 
calculating new resource usage. It only takes effect in the ThresholdSheddler 
strategy. | 1.0 |
+| loadBalancerDirectMemoryResourceWeight | The direct memory usage weight when 
calculating new resource usage. It only takes effect in the ThresholdSheddler 
strategy. | 1.0 |
+| loadBalancerBundleUnloadMinThroughputThreshold | Bundle unload minimum 
throughput threshold. Avoid bundle unload frequently. It only takes effect in 
the ThresholdSheddler strategy. | 10 MB |
 |replicationMetricsEnabled|   |true|
 |replicationConnectionsPerBroker|   |16|
 |replicationProducerQueueSize|    |1000|
+| replicatioPolicyCheckDurationSeconds | Duration to check replication policy 
to avoid replicator inconsistency due to missing ZooKeeper watch. When the 
value is set to 0, disable checking replication policy. | 600 |
 |defaultRetentionTimeInMinutes|   |0|
 |defaultRetentionSizeInMB|    |0|
 |keepAliveIntervalSeconds|    |30|
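
Review bot: the strategy is spelled "ThresholdSheddler" in all eight added load balancer rows, while the key `loadBalancerBrokerThresholdShedderPercentage` and the phrase "the threshold shedder is triggered" in the same row use "Shedder". Pick the spelling that matches the class name and use it consistently, since readers will search for it. The defaults `10` and `10 MB` would also be clearer with the unit stated in the description rather than in the value, and the spelling of the key `replicatioPolicyCheckDurationSeconds` should be checked against the configuration file before it is published.
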
@@ -491,17 +599,25 @@ The [Pulsar 
proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
 |forwardAuthorizationCredentials| Forward client authorization credentials to 
Broker for re-authorization, and make sure authentication is enabled for this 
to take effect. |false|
 |zookeeperServers|  The ZooKeeper quorum connection string (as a 
comma-separated list)  ||
 |configurationStoreServers| Configuration store connection string (as a 
comma-separated list) ||
+| brokerServiceURL | The service URL pointing to the broker cluster. | |
+| brokerServiceURLTLS | The TLS service URL pointing to the broker cluster | |
+| brokerWebServiceURL | The Web service URL pointing to the broker cluster | |
+| brokerWebServiceURLTLS | The TLS Web service URL pointing to the broker 
cluster | |
+| functionWorkerWebServiceURL | The Web service URL pointing to the function 
worker cluster. It is only configured when you setup function workers in a 
separate cluster. | |
+| functionWorkerWebServiceURLTLS | The TLS Web service URL pointing to the 
function worker cluster. It is only configured when you setup function workers 
in a separate cluster. | |
 |zookeeperSessionTimeoutMs| ZooKeeper session timeout (in milliseconds) |30000|
 |zooKeeperCacheExpirySeconds|ZooKeeper cache expiry time in seconds|300
 |servicePort| The port to use for server binary Protobuf requests |6650|
 |servicePortTls|  The port to use to server binary Protobuf TLS requests  
|6651|
 |statusFilePath|  Path for the file used to determine the rotation status for 
the proxy instance when responding to service discovery health checks ||
 |advertisedAddress|Hostname or IP address the service advertises to the 
outside world.|`InetAddress.getLocalHost().getHostname()`|
+| proxyLogLevel | Proxy log level <li>0: Do not log any TCP channel 
information. <li>1: Parse and log any TCP channel information and command 
information without message body. <li>2: Parse and log channel information, 
command information and message body.| 0 |
 |authenticationEnabled| Whether authentication is enabled for the Pulsar proxy 
 |false|
 |authenticateMetricsEndpoint| Whether the '/metrics' endpoint requires 
authentication. Defaults to true. 'authenticationEnabled' must also be set for 
this to take effect. |true|
 |authenticationProviders| Authentication provider name list (a comma-separated 
list of class names) ||
 |authorizationEnabled|  Whether authorization is enforced by the Pulsar proxy 
|false|
 |authorizationProvider| Authorization provider as a fully qualified class name 
 |org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider|
+| anonymousUserRole | When this parameter is not empty, unauthenticated users 
perform as anonymousUserRole. | |
 |brokerClientAuthenticationPlugin|  The authentication plugin used by the 
Pulsar proxy to authenticate with Pulsar brokers  ||
 |brokerClientAuthenticationParameters|  The authentication parameters used by 
the Pulsar proxy to authenticate with Pulsar brokers  ||
 |brokerClientTrustCertsFilePath|  The path to trusted certificates used by the 
Pulsar proxy to authenticate with Pulsar brokers ||
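
Review bot: the added `proxyLogLevel` row duplicates a `proxyLogLevel` row that already exists further down the same proxy table (it appears as unchanged context at the end of the last hunk), with different wording for the same three levels. Keep one row. Whichever stays should make clear that level 2 writes message bodies to the proxy log, which matters for anyone handling sensitive payloads. The `brokerServiceURLTLS`, `brokerWebServiceURL` and `brokerWebServiceURLTLS` descriptions are missing the trailing period that `brokerServiceURL` has.
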
@@ -511,6 +627,7 @@ The [Pulsar 
proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
 |maxConcurrentLookupRequests| Max concurrent outbound connections. The proxy 
will error out requests beyond that. |50000|
 |tlsEnabledInProxy| Whether TLS is enabled for the proxy  |false|
 |tlsEnabledWithBroker|  Whether TLS is enabled when communicating with Pulsar 
brokers |false|
+| tlsCertRefreshCheckDurationSec | TLS certificate refresh duration in 
seconds. If the value is set 0, check TLS certificate every new connection. | 
300s |
 |tlsCertificateFilePath|  Path for the TLS certificate file ||
 |tlsKeyFilePath|  Path for the TLS private key file ||
 |tlsTrustCertsFilePath| Path for the trusted TLS certificate pem file ||
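
Review bot: `tlsCertRefreshCheckDurationSec` gets the default `300s` here, but the row for the same key added to the standalone table in this commit uses `300`, and the sentence "If the value is set 0, check TLS certificate every new connection" is missing words. Reuse the standalone wording ("When the value is set to 0, check the TLS certificate on every new connection.") and the bare `300`.
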
@@ -518,10 +635,14 @@ The [Pulsar 
proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
 |tlsRequireTrustedClientCertOnConnect|  Whether client certificates are 
required for TLS. Connections are rejected if the client certificate isn’t 
trusted. |false|
 |tlsProtocols|Specify the tls protocols the broker will use to negotiate 
during TLS Handshake. Multiple values can be specified, separated by commas. 
Example:- ```TLSv1.2```, ```TLSv1.1```, ```TLSv1``` ||
 |tlsCiphers|Specify the tls cipher the broker will use to negotiate during TLS 
Handshake. Multiple values can be specified, separated by commas. Example:- 
```TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256```||
+| httpReverseProxyConfigs | HTTP directs to redirect to non-pulsar services | |
+| httpOutputBufferSize | HTTP output buffer size. The amount of data that will 
be buffered for HTTP requests before it is flushed to the channel. A larger 
buffer size may result in higher HTTP throughput though it may take longer for 
the client to see data. If using HTTP streaming via the reverse proxy, this 
should be set to the minimum value (1) so that clients see the data as soon as 
possible. | 32768 |
+| httpNumThreads | Number of threads to use for HTTP requests processing|  2 * 
Runtime.getRuntime().availableProcessors() |
 |tokenSecretKey| Configure the secret key to be used to validate auth tokens. 
The key can be specified like: `tokenSecretKey=data:;base64,xxxxxxxxx` or 
`tokenSecretKey=file:///my/secret.key`||
 |tokenPublicKey| Configure the public key to be used to validate auth tokens. 
The key can be specified like: `tokenPublicKey=data:;base64,xxxxxxxxx` or 
`tokenPublicKey=file:///my/secret.key`||
-|tokenPublicAlg| Configure the algorithm to be used to validate auth tokens. 
This can be any of the asymettric algorithms supported by Java JWT 
(https://github.com/jwtk/jjwt#signature-algorithms-keys) |RS256|
 |tokenAuthClaim| Specify the token claim that will be used as the 
authentication "principal" or "role". The "subject" field will be used if this 
is left blank ||
+|tokenAudienceClaim| The token audience "claim" name, e.g. "aud". It is used 
to get the audience from token. If it is not set, the audience is not verified. 
||
+| tokenAudience | The token audience stands for this broker. The field 
`tokenAudienceClaim` of a valid token need contains this parameter.| |
 | proxyLogLevel | Set the Pulsar Proxy log level. <li> If the value is set to 
0, no TCP channel information is logged. <li> If the value is set to 1, only 
the TCP channel information and command information (without message body) are 
parsed and logged. <li> If the value is set to 2, all TCP channel information, 
command information, and message body are parsed and logged. | 0 |
 
 ## ZooKeeper
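
Review bot: the `tokenPublicAlg` row is deleted from the proxy table and nothing in the hunk or the commit message explains why; the message only describes additions. If the setting is still supported, keep the row, because it documents which algorithm is used to validate tokens. In the added rows, `tokenAudience` says "stands for this broker" although this is the proxy table, "need contains" should be "needs to contain", and the `httpReverseProxyConfigs` description "HTTP directs to redirect to non-pulsar services" does not say what format the value takes.
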
