Launch-framework Configuration

ConfigurationModuleProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.configuration.backoff-duration | 1 | seconds | Amount of time to wait before a retry is attempted if the config-server is unavailable |
rsa.configuration.connection-timeout | 30 | seconds | Timeout for how long to wait if the config-server is unavailable |
rsa.configuration.remote-enabled | false | boolean | Whether a connection to the configuration server is attempted at all |
rsa.configuration.schema-synchronization-retry-interval | 1 | seconds | This property controls how long to wait before retrying a failed schema synchronization attempt. |

ContentProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.content.disk-path |  | path | The path where the content resides on disk |

DataProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.data.application.advanced |  | map | A set of advanced properties specific to the data provider |
rsa.data.application.auth-mechanism | SCRAM | string | Default username/password authentication "SCRAM". Alternative: "PLAIN" |
rsa.data.application.connection-timeout | 5 | seconds | How long to wait before giving up on a connection attempt |
rsa.data.application.database |  | string | The database name |
rsa.data.application.enabled | false | boolean | If true, enables database support |
rsa.data.application.map-key-dot-replacement |  | string | Mongo disallows "." in map keys; if a value is provided, dots in map keys are replaced by it. |
rsa.data.application.password |  | string | The connection password |
rsa.data.application.secure | false | boolean | Use an SSL/TLS connection to the database |
rsa.data.application.servers | [localhost] | string[] | A comma separated list of database servers |
rsa.data.application.stat-cache-timeout | 15 | seconds | How long to wait before refreshing database statistics |
rsa.data.application.user |  | string | The connection user |
rsa.data.control.advanced |  | map | A set of advanced properties specific to the data provider |
rsa.data.control.auth-mechanism | SCRAM | string | Default username/password authentication "SCRAM". Alternative: "PLAIN" |
rsa.data.control.connection-timeout | 5 | seconds | How long to wait before giving up on a connection attempt |
rsa.data.control.database |  | string | The database name |
rsa.data.control.enabled | false | boolean | If true, enables database support |
rsa.data.control.map-key-dot-replacement |  | string | Mongo disallows "." in map keys; if a value is provided, dots in map keys are replaced by it. |
rsa.data.control.password |  | string | The connection password |
rsa.data.control.secure | false | boolean | Use an SSL/TLS connection to the database |
rsa.data.control.servers | [localhost] | string[] | A comma separated list of database servers |
rsa.data.control.stat-cache-timeout | 15 | seconds | How long to wait before refreshing database statistics |
rsa.data.control.user |  | string | The connection user |

FileSystemProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.filesystem.conf-path | /etc/netwitness | string | The path to the directory where all service configuration resides. Ignored if prefix is specified. |
rsa.filesystem.data-path | /var/lib/netwitness | string | The path to the directory where all service data resides. Ignored if prefix is specified. |
rsa.filesystem.logs-path | /var/log/netwitness | string | The path to the directory where all service logs reside. Ignored if prefix is specified. |
rsa.filesystem.prefix |  | string | If not empty, the prefix specifies the root for all service file system state. When empty, the individual values are used. |

HealthCheckProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.health.check-every | 15 | seconds | Rate at which health checks are scheduled to run. |
rsa.health.concurrency | 5 | integer | Number of concurrent threads that run health checks. |
rsa.health.timeout | 30 | seconds | Timeout for a com.rsa.asoc.launch.api.health.HealthCheck when service health checks are run. If a component is unable to respond with its health status within this period, it is marked as com.rsa.asoc.launch.api.health.Health.Status#Unhealthy |

LoggingAuditProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.logging.audit.max-file-count | 10 | integer | The maximum number of archive files to retain. |
rsa.logging.audit.max-file-size | 10 | bytes | The maximum size a log file is allowed to grow to |

LogForwarderProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.logging.forward.categories |  | string[] | The log categories to choose for forwarding |
rsa.logging.forward.destination |  | logforwarderproperties$destination | The forwarding destination |
rsa.logging.forward.enabled | true | boolean | Is forwarding enabled? |
rsa.logging.forward.host | localhost | string | The destination host address |
rsa.logging.forward.port | 50514 | integer | The destination port |
rsa.logging.forward.secure | false | boolean | Use TLS for forwarding (only supported with LOGSTASH_TCP) |

LoggingProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.logging.levels |  | string | Service log levels specified as a comma separated sequence of "logger:level". Note logger names are case sensitive. |

LoggingOperationalProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.logging.operations.max-file-count | 10 | integer | The maximum number of archive files to retain. |
rsa.logging.operations.max-file-size | 10 | bytes | The maximum size each file is allowed to grow to |

MetricsAggregationProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.metrics.aggregation.enabled | true | boolean | Is the reporter enabled? |
rsa.metrics.aggregation.filter-prefixes |  | list | What to report? The default behavior is to report everything; if only a selection of metrics must be reported, add their prefixes to this list. |
rsa.metrics.aggregation.host |  | string | The host name of the aggregator. |
rsa.metrics.aggregation.interval | 1 | seconds | How often to report? |
rsa.metrics.aggregation.port | 0 | integer | The port number. |

MetricsElasticProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.metrics.elastic.enabled | true | boolean | Is the reporter enabled? |

MetricsHistoricalProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.metrics.historical.enabled | true | boolean | Is the reporter enabled? |
rsa.metrics.historical.filter-prefixes |  | list | What to report? The default behavior is to report everything; if only a selection of metrics must be reported, add their prefixes to this list. |
rsa.metrics.historical.interval | 1 | seconds | How often to report? |
rsa.metrics.historical.max-file-count | 10 | integer | The maximum number of archive files to retain. |
rsa.metrics.historical.max-file-size | 10 | bytes | The maximum size each file is allowed to grow to |

MetricsJmxProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.metrics.jmx.enabled | true | boolean | Is the reporter enabled? |
rsa.metrics.jmx.filter-prefixes |  | list | What to report? The default behavior is to report everything; if only a selection of metrics must be reported, add their prefixes to this list. |
rsa.metrics.jmx.interval | 1 | seconds | How often to report? |

MetricsProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.metrics.profile-api-invocation | true | boolean | Profiles timing of all com.rsa.asoc.launch.api.annotation.LaunchApi methods. |

NotificationProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.notification.drain-at-shutdown | true | boolean | The flag to control if we drain the notification queue before shutdown. If there are a lot of pending notifications this may cause noticeable delays in shutdown time, particularly if the deployment integration server is unavailable and each forward goes through the retry attempts. |
rsa.notification.max-pending | 1000 | integer | The maximum number of notifications left pending. |
rsa.notification.max-threads | 1 | integer | The size of the thread pool. |
rsa.notification.retry-at-shutdown | true | boolean | The flag to control if we should retry failed notifications when the service is going down. This is true by default but can lead to delayed shutdowns if notifications cannot be forwarded. |
rsa.notification.retry-attempts |  | integer | The number of times we retry if a notification cannot be forwarded to the centralized notification service. The default setting is to never give up, but it can be changed to a smaller value (e.g. 10) if it is OK to drop some notifications. |
rsa.notification.retry-delay | 10s | seconds | The delay between successive retry attempts. |

ProcessJvmMemoryProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.process.jvm.memory-thresholds.fatal-percent | 95 | integer | Percent of heap memory usage, above which JVM health is marked Fatal |
rsa.process.jvm.memory-thresholds.warning-percent | 80 | integer | Percent of heap memory usage, above which JVM health is marked Unhealthy |

ProcessProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.process.shutdown-delay | 5 | seconds | The delay between a request to shutdown and the eventual shutdown trigger. |

AuthenticationProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.security.authentication.prefetch-before | 5 | seconds | If service token prefetch is enabled, fetch the next token when this many seconds remain before the current token expires |
rsa.security.authentication.prefetch-service-token | true | boolean | Prefetch service tokens before they expire |
rsa.security.authentication.refresh-token-lifetime | 30 | seconds | The time-to-live on a refresh token. |
rsa.security.authentication.remote-enabled | false | boolean | Support remote authentication. |
rsa.security.authentication.remote-timeout | 30 | seconds | The time to wait for a response before failing a remote authentication. |
rsa.security.authentication.token-lifetime | 8 | seconds | The time-to-live on a token. |
rsa.security.authentication.trusted-channel-enabled | true | boolean | Support trusted channel authentication. |

AuthorizationProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.security.authorization.permission-cache-expiry | 15 | seconds | This property controls cache expiry interval for the role to permissions mapping. |
rsa.security.authorization.permission-cache-size | 100 | integer | This property controls number of role definitions cached in the service. |
rsa.security.authorization.permission-synchronization-retry-interval | 1 | seconds | This property controls how long to wait before retrying a failed permission synchronization attempt. |
rsa.security.authorization.remote-enabled | true | boolean | This property controls if the service must synchronize its permissions to the deployment Security Server. |

CertificateAuthorityProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.security.ca.alias | Service CA | string | The alias for the CA keypair. |
rsa.security.ca.auto-sign-operational-certificate | false | boolean | Should the service operational certificate be automatically signed by the embedded CA? |
rsa.security.ca.certificate-lifetime | 1000 | seconds | The certificate validity lifetime |
rsa.security.ca.issued-time-allowance | 10 | seconds | The certificate issued time can allow some clock drift. |
rsa.security.ca.store-certificates | false | boolean | Should the service store certificates it signs |

PkiProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.security.pki.audit-tls-hand-shakes | true | boolean | Enables auditing of TLS handshakes |
rsa.security.pki.ciphers | [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] | string[] | This property controls the list of SSL cipher suites used by the service. |
rsa.security.pki.client-auth |  | ssl$clientauth | This property controls the SSL client authentication preference. |
rsa.security.pki.tls-protocols |  | string[] | This property controls the TLS protocol versions supported by the applications. |
rsa.security.pki.trust-synchronization-retry-interval | 1 | seconds | This property controls how long to wait before retrying a deployment trust synchronization attempt. |
rsa.security.pki.use-deployment-trust | true | boolean | This property controls if the deployment security-server must be trusted. |
rsa.security.pki.use-jvm-trust | false | boolean | This property controls if the JVM trust store should be used to validate peer certificates. |
rsa.security.pki.verify-certificates | true | boolean | This property controls whether we must verify server certificates. |

ServiceAccountProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.security.serviceaccounts.auth-request-validity | 1 | seconds | Validity of the auth request |
rsa.security.serviceaccounts.max-request-cache-size | 10000 | integer | Cache hashes of previously authenticated requests to prevent renegotiation attacks |
rsa.security.serviceaccounts.min-interval-between-authentications | 30 | seconds | Minimum interval between authentications to prevent brute-force attacks |
rsa.security.serviceaccounts.token-lifetime | 1 | seconds | The time-to-live for a service account token. |

TransportBusProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.transport.bus.advanced |  | map | A map that holds any other RabbitProperties configuration |
rsa.transport.bus.enabled | true | boolean | Defines if Bus is enabled |
rsa.transport.bus.host | localhost | string | The connection host |
rsa.transport.bus.max-consumers | 16 | integer | Maximum number of consumers reading the queues |
rsa.transport.bus.message-prefetch | 1 | integer | Number of messages to be handled in a single request |
rsa.transport.bus.min-consumers | 8 | integer | Minimum number of consumers reading the queues |
rsa.transport.bus.password |  | string | The connection password |
rsa.transport.bus.port | 5672 | integer | The connection port |
rsa.transport.bus.recovery-interval | 15 | seconds | The time to wait between attempts to recover a broken RabbitMQ broker connection. |
rsa.transport.bus.reply-timeout | 15 | seconds | The time to wait for replies to arrive before giving up. AMQP is not connection-oriented so the absence of a service on the bus can only be determined by the absence of a reply. This timeout determines how long the framework waits before giving up. |
rsa.transport.bus.secure | false | boolean | Use an SSL/TLS connection to the broker |
rsa.transport.bus.shutdown-timeout | 5 | seconds | The time to wait for workers after the container is stopped, and before the connection is forced closed. If any workers are active when the shutdown signal comes they will be allowed to finish processing as long as they can finish within this timeout. Otherwise the connection is closed and messages remain unacked (if the channel is transactional). |
rsa.transport.bus.username |  | string | The connection user |
rsa.transport.bus.virtual-host | /rsa/system | string | The connection virtual host |

TransportBusSubscriptionProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.transport.bus.subscription.subscribe-retry-interval | 5 | seconds | The interval to retry declaring the bindings for subscriptions if the exchange is unavailable or missing. |

TransportProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.transport.detailed-errors-enabled | false | boolean | A boolean indicating whether the server should return detailed errors that may contain additional implementation details. |

TransportHttpProperties

Name | Default value | Type | Description |
---|---|---|---|
rsa.transport.http.access-token-headers |  | string[] | Defines the HTTP headers to check for an access token |
rsa.transport.http.basic-auth-enabled | false | boolean | Defines if web security basic authentication should be enabled. |
rsa.transport.http.enabled | true | boolean | Defines if HTTP is enabled |
rsa.transport.http.keep-alive-timeout | 60s | seconds | The number of seconds this Connector will wait for another HTTP request before closing the connection. Setting the value to 0 will indicate no (i.e. infinite) timeout. |
rsa.transport.http.max-keep-alive-requests | 100 | integer | The maximum number of HTTP requests which can be pipelined until the connection is closed by the server. Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests. |
rsa.transport.http.port | 8080 | short | Defines the HTTP port |
rsa.transport.http.secure | true | boolean | Defines if HTTPS must be used |
rsa.transport.http.session-id-random-algorithm | HMACDRBG | string | This property controls the algorithm to use for the SecureRandom used to generate HTTP session IDs. |