Launch-framework Configuration

Document created by RSA Information Design and Development Employee on Jan 31, 2020
Version 1Show Document
  • View in full screen mode
 

ConfigurationModuleProperties

                                         
NameDefault valueTypeDescription

rsa.configuration.backoff-duration

1

seconds

Amount of time to wait until a retry is attempted if the config-server is unavailable

rsa.configuration.connection-timeout

30

seconds

A timeout how long to wait if the config-server is unavailable

rsa.configuration.remote-enabled

false

boolean

If the configuration server is even attempted

rsa.configuration.schema-synchronization-retry-interval

1

seconds

This property controls how long to wait before retrying a failed schema synchronization attempt.

ContentProperties

                       
NameDefault valueTypeDescription

rsa.content.disk-path

 

path

The path where the content resides on disk

DataProperties

                                                                                                                                         
NameDefault valueTypeDescription

rsa.data.application.advanced

 

map

A set of advanced properties specific to the data provider

rsa.data.application.connection-timeout

5

seconds

How long to wait before giving up on a connection attempt

rsa.data.application.database

 

string

The database name

rsa.data.application.enabled

false

boolean

If true will enable database support

rsa.data.application.map-key-dot-replacement

 

string

Mongo disallows "." in map keys, if a value is provided, dots in map keys are replaced by it.

rsa.data.application.password

 

string

The connection password

rsa.data.application.secure

false

boolean

Use an SSL/TLS connection to the database

rsa.data.application.servers

[localhost]

string[]

A comma separated list of database servers

rsa.data.application.stat-cache-timeout

15

seconds

How long to wait before refreshing database statistics?

rsa.data.application.user

 

string

The connection user

rsa.data.control.advanced

 

map

A set of advanced properties specific to the data provider

rsa.data.control.connection-timeout

5

seconds

How long to wait before giving up on a connection attempt

rsa.data.control.database

 

string

The database name

rsa.data.control.enabled

false

boolean

If true will enable database support

rsa.data.control.map-key-dot-replacement

 

string

Mongo disallows "." in map keys, if a value is provided, dots in map keys are replaced by it.

rsa.data.control.password

 

string

The connection password

rsa.data.control.secure

false

boolean

Use an SSL/TLS connection to the database

rsa.data.control.servers

[localhost]

string[]

A comma separated list of database servers

rsa.data.control.stat-cache-timeout

15

seconds

How long to wait before refreshing database statistics?

rsa.data.control.user

 

string

The connection user

FileSystemProperties

                                         
NameDefault valueTypeDescription

rsa.filesystem.conf-path

/etc/netwitness

string

The path to directory where all service configuration resides. Ignored if prefix is specified.

rsa.filesystem.data-path

/var/lib/netwitness

string

The path to directory where all service data resides. Ignored if prefix is specified.

rsa.filesystem.logs-path

/var/log/netwitness

string

The path to directory where all service logs reside. Ignored if prefix is specified.

rsa.filesystem.prefix

 

string

If not empty the prefix specifies the root for all service file system state. When empty, the individual values are used.

HealthCheckProperties

                                   
NameDefault valueTypeDescription

rsa.health.check-every

15

seconds

Rate at which health checks are scheduled to run.

rsa.health.concurrency

5

integer

Number of concurrent threads that runs health checks.

rsa.health.timeout

30

seconds

Time out for a {@link com.rsa.asoc.launch.api.health.HealthCheck} when service health checks are run. If a component is unable to respond with health status with in this period, it is marked as {@link com.rsa.asoc.launch.api.health.Health.Status#Unhealthy}

LoggingAuditProperties

                             
NameDefault valueTypeDescription

rsa.logging.audit.max-file-count

10

integer

The maximum number of archive files to retain.

rsa.logging.audit.max-file-size

10

bytes

The maximum size a log file is allowed to grow

LogForwarderProperties

                                                     
NameDefault valueTypeDescription

rsa.logging.forward.categories

 

string[]

The log categories to choose for forwarding

rsa.logging.forward.destination

 

logforwarderproperties$
destination

The forwarding destination

rsa.logging.forward.enabled

true

boolean

Is forwarding enabled?

rsa.logging.forward.host

localhost

string

The destination host address

rsa.logging.forward.port

50514

integer

The destination port

rsa.logging.forward.secure

false

boolean

Use TLS for forwarding (only supported with LOGSTASH_TCP)

LoggingProperties

                       
NameDefault valueTypeDescription

rsa.logging.levels

 

string

Service log levels specified as a comma separated sequence of "logger:level". Note logger names are case sensitive.

LoggingOperationalProperties

                             
NameDefault valueTypeDescription

rsa.logging.operations.max-file-count

10

integer

The maximum number of archive files to retain.

rsa.logging.operations.max-file-size

10

bytes

Maximum file size of each file allowed to grow

MetricsAggregationProperties

                                               
NameDefault valueTypeDescription

rsa.metrics.aggregation.enabled

true

boolean

Is the reporter enabled?

rsa.metrics.aggregation.filter-prefixes

 

list

What to report? The default behavior is to report everything, if a selection of metrics must be reported add their prefixes to this list.

rsa.metrics.aggregation.host

 

string

The host name of the aggregator.

rsa.metrics.aggregation.interval

1

seconds

How often to report?

rsa.metrics.aggregation.port

0

integer

The port number.

MetricsElasticProperties

                       
NameDefault valueTypeDescription

rsa.metrics.elastic.enabled

true

boolean

Is the reporter enabled?

MetricsHistoricalProperties

                                               
NameDefault valueTypeDescription

rsa.metrics.historical.enabled

true

boolean

Is the reporter enabled?

rsa.metrics.historical.filter-prefixes

 

list

What to report? The default behavior is to report everything, if a selection of metrics must be reported add their prefixes to this list.

rsa.metrics.historical.interval

1

seconds

How often to report?

rsa.metrics.historical.max-file-count

10

integer

The maximum number of archive files to retain.

rsa.metrics.historical.max-file-size

10

bytes

Maximum file size of each file allowed to grow

MetricsJmxProperties

                                   
NameDefault valueTypeDescription

rsa.metrics.jmx.enabled

true

boolean

Is the reporter enabled?

rsa.metrics.jmx.filter-prefixes

 

list

What to report? The default behavior is to report everything, if a selection of metrics must be reported add their prefixes to this list.

rsa.metrics.jmx.interval

1

seconds

How often to report?

MetricsProperties

                       
NameDefault valueTypeDescription

rsa.metrics.profile-api-invocation

true

boolean

Profiles timing of all {@link com.rsa.asoc.launch.api.annotation.LaunchApi} methods.

NotificationProperties

                                                     
NameDefault valueTypeDescription

rsa.notification.drain-at-shutdown

true

boolean

The flag to control if we drain the notification queue before shutdown. If there are a lot of pending notifications this may cause noticeable delays in shutdown time, particularly if the deployment integration server is unavailable and each forward goes through the retry attempts.

rsa.notification.max-pending

1000

integer

The maximum number of notifications left pending.

rsa.notification.max-threads

1

integer

The size of the thread pool.

rsa.notification.retry-at-shutdown

true

boolean

The flag to control if we should retry failed notifications when the service is going down. This is true by default but can lead to delayed shutdowns if notifications cannot be forwarded.

rsa.notification.retry-attempts

 

integer

The number of times we retry if a notification cannot be forwarded to the centralized notification service. The default setting is to never give up but can be changed to smaller value (e.g. 10) if it is OK to drop some notifications.

rsa.notification.retry-delay

10s

seconds

The delay between successive retry attempts.

ProcessJvmMemoryProperties

                             
NameDefault valueTypeDescription

rsa.process.jvm.memory-thresholds.fatal-percent

95

integer

Percent of heap memory usage, above which JVM health is marked Fatal

rsa.process.jvm.memory-thresholds.warning-percent

80

integer

Percent of heap memory usage, above which JVM health is marked Unhealthy

ProcessProperties

                       
NameDefault valueTypeDescription

rsa.process.shutdown-delay

5

seconds

The delay between a request to shutdown and the eventual shutdown trigger.

AuthenticationProperties

                                               
NameDefault valueTypeDescription

rsa.security.authentication.refresh-token-lifetime

30

seconds

The time-to-live on a refresh token.

rsa.security.authentication.remote-enabled

false

boolean

Support remote authentication.

rsa.security.authentication.remote-timeout

30

seconds

The time to wait for a response before failing a remote authentication.

rsa.security.authentication.token-lifetime

8

seconds

The time-to-live on a token.

rsa.security.authentication.trusted-channel-enabled

true

boolean

Support trusted channel authentication.

AuthorizationProperties

                                         
NameDefault valueTypeDescription

rsa.security.authorization.permission-cache-expiry

15

seconds

This property controls cache expiry interval for the role to permissions mapping.

rsa.security.authorization.permission-cache-size

100

integer

This property controls number of role definitions cached in the service.

rsa.security.authorization.permission-synchronization-retry-interval

1

seconds

This property controls how long to wait before retrying a failed permission synchronization attempt.

rsa.security.authorization.remote-enabled

true

boolean

This property controls if the service must synchronize its permissions to the deployment Security Server.

CertificateAuthorityProperties

                                               
NameDefault valueTypeDescription

rsa.security.ca.alias

Service CA

string

The alias for the CA keypair.

rsa.security.ca.auto-sign-operational-certificate

false

boolean

Should the service operational certificate be automatically signed by the embedded CA?

rsa.security.ca.certificate-lifetime

1000

seconds

The certificate validity lifetime

rsa.security.ca.issued-time-allowance

10

seconds

The certificate issued time can allow some clock drift.

rsa.security.ca.store-certificates

false

boolean

Should the service store certificates it signs

PkiProperties

                                                                 
NameDefault valueTypeDescription

rsa.security.pki.audit-tls-hand-shakes

true

boolean

Enables auditing of TLS handshakes

rsa.security.pki.ciphers

[TLS_ECDHE_RSA_
WITH_AES_128_GCM_SHA256, TLS_ECDHE_
RSA_WITH_AES_128_
CBC_SHA256, TLS_
DHE_RSA_WITH_AES_
128_GCM_SHA256]

string[]

This property controls the list of SSL cipher suites used by the service.

rsa.security.pki.client-auth

 

ssl$clientauth

This property controls the SSL client authentication preference.

rsa.security.pki.tls-protocols

 

string[]

This property controls the TLS protocol versions supported by the applications.

rsa.security.pki.trust-synchronization-retry-interval

1

seconds

This property controls how long to wait before retrying a deployment trust synchronization attempt.

rsa.security.pki.use-deployment-trust

true

boolean

This property controls if the deployment security-server must be trusted.

rsa.security.pki.use-jvm-trust

false

boolean

This property controls if the JVM trust store should be used to validate peer certificates.

rsa.security.pki.verify-certificates

true

boolean

This property controls whether we must verify server certificates.

TransportBusProperties

                                                                                                     
NameDefault valueTypeDescription

rsa.transport.bus.advanced

 

map

A map that holds any other RabbitProperties configuration

rsa.transport.bus.enabled

true

boolean

Defines if Bus is enabled

rsa.transport.bus.host

localhost

string

The connection host

rsa.transport.bus.max-consumers

16

integer

Maximum number of consumers reading the queues

rsa.transport.bus.message-prefetch

1

integer

Number of messages to be handled in a single request

rsa.transport.bus.min-consumers

8

integer

Minimum number of consumers reading the queues

rsa.transport.bus.password

 

string

The connection password

rsa.transport.bus.port

5672

integer

The connection port

rsa.transport.bus.recovery-interval

15

seconds

The time to wait between attempts to recover a broken RabbitMQ broker connection.

rsa.transport.bus.reply-timeout

15

seconds

The time to wait for replies to arrive before giving up. AMQP is not connection-oriented so the absence of a service on the bus can only be determined by the absence of a reply. This timeout determines how long the framework waits before giving up.

rsa.transport.bus.secure

false

boolean

Use an SSL/TLS connection to the broker

rsa.transport.bus.shutdown-timeout

5

seconds

The time to wait for workers after the container is stopped, and before the connection is forced closed. If any workers are active when the shutdown signal comes they will be allowed to finish processing as long as they can finish within this timeout. Otherwise the connection is closed and messages remain unacked (if the channel is transactional).

rsa.transport.bus.username

 

string

The connection user

rsa.transport.bus.virtual-host

/rsa/system

string

The connection virtual host

TransportBusSubscriptionProperties

                       
NameDefault valueTypeDescription

rsa.transport.bus.subscription.subscribe-retry-interval

5

seconds

The interval to retry declaring the bindings for subscriptions if the exchange is unavailable or missing.

TransportProperties

                       
NameDefault valueTypeDescription

rsa.transport.detailed-errors-enabled

false

boolean

A boolean indicating whether the server should return detailed errors that may contain additional implementation details.

TransportHttpProperties

                                                                 
NameDefault valueTypeDescription

rsa.transport.http.access-token-headers

 

string[]

Defines the HTTP headers to check for an access token

rsa.transport.http.basic-auth-enabled

false

boolean

Defines if web security basic authentication should be enabled.

rsa.transport.http.enabled

true

boolean

Defines if HTTP is enabled

rsa.transport.http.keep-alive-timeout

60s

seconds

The number of seconds this Connector will wait for another HTTP request before closing the connection. Setting the value to 0 will indicate no (i.e. infinite) timeout.

rsa.transport.http.max-keep-alive-requests

100

integer

The maximum number of HTTP requests which can be pipelined until the connection is closed by the server. Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests.

rsa.transport.http.port

8080

short

Defines the HTTP port

rsa.transport.http.secure

true

boolean

Defines if HTTPS must be used

rsa.transport.http.session-id-random-algorithm

HMACDRBG

string

This property controls the algorithm to use for the SecureRandom used to generate HTTP session IDs.

You are here
Table of Contents > Launch-framework Configuration

Attachments

    Outcomes