Hi Jakub,
Thanks for the tip, that sounds exactly what we want. If you don't hear anything from me - it means it works for us! Richard -----Original Message----- From: Jakub Scholz [mailto:ja...@scholz.cz] Sent: 06 June 2011 17:07 To: users@qpid.apache.org Subject: Re: Qpid Default Configuration Hi Richard, If you use the ACL as described above, the users will be able to create ONLY the ring type queues, nothing else. If they are not fast enough in consumption, they will loose some messages - this is the worst case scenario. They cannot create other queue types, because the broker will reject them. We are using the broker in environment, where the clients are creating their own queues as well. We are using ACL rules to limit them as much as possible, e.g.: acl allow <user> create queue name=<possibleQueueNames> maxqueuecount=1000 maxqueuesize=1000000 maxpolicytype=ring durable=false autodelete=true This is the only way how to make sure the environment will be up and running for all clients. IMHO there are still some missing pieces (limit number of connections, limit number of queues, ....), but so far we did not had any major issues with this setup. Also note, that with the RING type queues, for the client it is hard to find out that some messages have been overwritten - you may need to introduce your own sequencing, depending on the details of your environment. Regards Jakub On Mon, Jun 6, 2011 at 17:48, Fallon, Richard <richard.fal...@atosorigin.com> wrote: > > > I've not had access to my mail for some time, but thanks all for your > responses. > > ACL sounds like the way forward but I still have the worst case scenario that > some users who may not subscribe fast enough and do not set up their queue > appropriately, as we are in a self-service environment, are at risk of > spoiling it for others. > > And you can bet that the users who try to take more data than they consume > are also the users who don't set up their queues correctly! > > Minor niggles. > > Great product! > > > > > > -----Original Message----- > From: Rajith Attapattu [mailto:rajit...@gmail.com] > Sent: 09 May 2011 17:20 > To: users@qpid.apache.org > Subject: Re: Qpid Default Configuration > > I tested the ACL method (deny mode) and it does work. > "acl allow <user/group> create queue policytype=ring" > (All though if you use "allow" mode it will not work as the default value for > queue policy is empty and it's not allowed to be specified in ACL at the > moment). > > Having a configurable default queue policy type will be very convenient as a > user does not have to specify it explicitly. > But as Jakub points out even if you configure a default, a user could > overwrite it if they want. > So having the ACL rule will prevent that. > > Regards, > > Rajith > > On Mon, May 9, 2011 at 11:13 AM, Jakub Scholz <ja...@scholz.cz> wrote: >> Hi, >> >> Based on my experience, I would assume, that if you want your >> customers to use RING type queues, you should anyway force it using >> ACL, since even when the default policy type is implemented, the >> consumer will be probably able to overwrite the default value. You >> can use >> >> acl allow <Consumer> create queue name=<QueueName> policytype=ring >> >> BTW: It seems that the ACL property "policytype" is missing in the >> table 1.6 in chapter 1.5.2.1 of the "AMQP Messaging Broker >> (Implemented in C++)" book. Is a JIRA ticket used for the >> documentation changes as well? Should I enter one for this problem? >> >> Regards >> Jakub >> >> On Mon, May 9, 2011 at 16:48, Rajith Attapattu <rajit...@gmail.com> wrote: >>> On Mon, May 9, 2011 at 6:36 AM, Gordon Sim <g...@redhat.com> wrote: >>>> On 05/06/2011 02:34 PM, Fallon, Richard wrote: >>>>> >>>>> Hello, >>>>> >>>>> Is it possible to change some of the default settings used when a >>>>> queue is created, note I do not mean override them at runtime? >>>>> >>>>> So currently if a queue is created the default policy when the >>>>> queue size is exceeded is to block the producer so no more data >>>>> arrives. This is not acceptable in my system. I would like all >>>>> queues that are created to be created with the default policy_type >>>>> of RING, so the producer is never blocked. However all my queues >>>>> are created dynamically by the consumers using the AMQP syntax, >>>>> ideally I would prefer not to rely on the consumers to create the >>>>> queues with a RING policy. >>>>> >>>>> So what I would like is for all queues to be created at runtime to >>>>> use a RING policy, without having to over-ride it at runtime. Can >>>>> I change the default policy to be RING? >>>> >>>> Unfortunately not at present. >>> >>> I created a JIRA to track this. >>> https://issues.apache.org/jira/browse/QPID-3248 >>> >>> However you could probably do this by using ACL. >>> i.e to restrict every queue being created to the required policy of your >>> choice. >>> The added benefit here is that you could have different queue >>> policies by users (or groups of users). >>> >>> Let me test this out and get back to you. >>> >>> Rajith >>> >>>> ------------------------------------------------------------------- >>>> - >>>> - Apache Qpid - AMQP Messaging Implementation >>>> Project: http://qpid.apache.org >>>> Use/Interact: mailto:users-subscr...@qpid.apache.org >>>> >>>> >>> >>> -------------------------------------------------------------------- >>> - Apache Qpid - AMQP Messaging Implementation >>> Project: http://qpid.apache.org >>> Use/Interact: mailto:users-subscr...@qpid.apache.org >>> >>> >> >> --------------------------------------------------------------------- >> Apache Qpid - AMQP Messaging Implementation >> Project: http://qpid.apache.org >> Use/Interact: mailto:users-subscr...@qpid.apache.org >> >> > > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:users-subscr...@qpid.apache.org > > > > > _______________________________________________________ > Atos Origin and Atos Consulting are trading names used by the Atos > Origin group. The following trading entities are registered in > England and Wales: Atos Origin IT Services UK Limited (registered > number 01245534) and Atos Consulting Limited (registered number > 04312380). The registered office for each is at 4 Triton Square, > Regents Place, London, NW1 3HG.The VAT No. for each is: GB232327983 > > This e-mail and the documents attached are confidential and intended solely > for the addressee, and may contain confidential or privileged information. > If you receive this e-mail in error, you are not authorised to copy, > disclose, use or retain it. Please notify the sender immediately and delete > this email from your systems. As emails may be intercepted, amended or > lost, they are not secure. Atos Origin therefore can accept no liability for > any errors or their content. Although Atos Origin endeavours to maintain a > virus-free network, we do not warrant that this transmission is virus-free > and can accept no liability for any damages resulting from any virus > transmitted. The risks are deemed to be accepted by everyone who > communicates with Atos Origin by email. > _______________________________________________________ > > > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:users-subscr...@qpid.apache.org > > --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:users-subscr...@qpid.apache.org _______________________________________________________ Atos Origin and Atos Consulting are trading names used by the Atos Origin group. The following trading entities are registered in England and Wales: Atos Origin IT Services UK Limited (registered number 01245534) and Atos Consulting Limited (registered number 04312380). The registered office for each is at 4 Triton Square, Regents Place, London, NW1 3HG.The VAT No. for each is: GB232327983 This e-mail and the documents attached are confidential and intended solely for the addressee, and may contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems. As emails may be intercepted, amended or lost, they are not secure. Atos Origin therefore can accept no liability for any errors or their content. Although Atos Origin endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted. The risks are deemed to be accepted by everyone who communicates with Atos Origin by email. _______________________________________________________ --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:users-subscr...@qpid.apache.org