Launch-framework Configuration

ConfigurationModuleProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.configuration.backoff-duration | 1 | seconds | Amount of time to wait before a retry is attempted if the config-server is unavailable |
| rsa.configuration.connection-timeout | 30 | seconds | How long to wait before timing out if the config-server is unavailable |
| rsa.configuration.remote-enabled | false | boolean | Whether a connection to the configuration server is attempted at all |
| rsa.configuration.schema-synchronization-retry-interval | 1 | seconds | This property controls how long to wait before retrying a failed schema synchronization attempt. |

ContentProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.content.disk-path | | path | The path where the content resides on disk |

DataProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.data.application.advanced | | map | A set of advanced properties specific to the data provider |
| rsa.data.application.auth-mechanism | SCRAM | string | The username/password authentication mechanism. Default: "SCRAM". Alternative: "PLAIN" |
| rsa.data.application.connection-timeout | 5 | seconds | How long to wait before giving up on a connection attempt |
| rsa.data.application.database | | string | The database name |
| rsa.data.application.enabled | false | boolean | If true, enables database support |
| rsa.data.application.map-key-dot-replacement | | string | Mongo disallows "." in map keys; if a value is provided, dots in map keys are replaced by it. |
| rsa.data.application.password | | string | The connection password |
| rsa.data.application.secure | false | boolean | Use an SSL/TLS connection to the database |
| rsa.data.application.servers | [localhost] | string[] | A comma-separated list of database servers |
| rsa.data.application.stat-cache-timeout | 15 | seconds | How long to wait before refreshing database statistics |
| rsa.data.application.user | | string | The connection user |
| rsa.data.control.advanced | | map | A set of advanced properties specific to the data provider |
| rsa.data.control.auth-mechanism | SCRAM | string | The username/password authentication mechanism. Default: "SCRAM". Alternative: "PLAIN" |
| rsa.data.control.connection-timeout | 5 | seconds | How long to wait before giving up on a connection attempt |
| rsa.data.control.database | | string | The database name |
| rsa.data.control.enabled | false | boolean | If true, enables database support |
| rsa.data.control.map-key-dot-replacement | | string | Mongo disallows "." in map keys; if a value is provided, dots in map keys are replaced by it. |
| rsa.data.control.password | | string | The connection password |
| rsa.data.control.secure | false | boolean | Use an SSL/TLS connection to the database |
| rsa.data.control.servers | [localhost] | string[] | A comma-separated list of database servers |
| rsa.data.control.stat-cache-timeout | 15 | seconds | How long to wait before refreshing database statistics |
| rsa.data.control.user | | string | The connection user |

FileSystemProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.filesystem.conf-path | /etc/netwitness | string | The path to the directory where all service configuration resides. Ignored if prefix is specified. |
| rsa.filesystem.data-path | /var/lib/netwitness | string | The path to the directory where all service data resides. Ignored if prefix is specified. |
| rsa.filesystem.logs-path | /var/log/netwitness | string | The path to the directory where all service logs reside. Ignored if prefix is specified. |
| rsa.filesystem.prefix | | string | If not empty, the prefix specifies the root for all service file system state. When empty, the individual values are used. |

HealthCheckProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.health.check-every | 15 | seconds | Rate at which health checks are scheduled to run. |
| rsa.health.concurrency | 5 | integer | Number of concurrent threads that run health checks. |
| rsa.health.timeout | 30 | seconds | Timeout for a HealthCheck (com.rsa.asoc.launch.api.health.HealthCheck) when service health checks are run. If a component is unable to respond with its health status within this period, it is marked Unhealthy (com.rsa.asoc.launch.api.health.Health.Status#Unhealthy). |

LoggingAuditProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.logging.audit.max-file-count | 10 | integer | The maximum number of archive files to retain. |
| rsa.logging.audit.max-file-size | 10 | bytes | The maximum size a log file is allowed to grow to |

LogForwarderProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.logging.forward.categories | | string[] | The log categories to choose for forwarding |
| rsa.logging.forward.destination | | logforwarderproperties$destination | The forwarding destination |
| rsa.logging.forward.enabled | true | boolean | Is forwarding enabled? |
| rsa.logging.forward.host | localhost | string | The destination host address |
| rsa.logging.forward.port | 50514 | integer | The destination port |
| rsa.logging.forward.secure | false | boolean | Use TLS for forwarding (only supported with LOGSTASH_TCP) |

LoggingProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.logging.levels | | string | Service log levels specified as a comma-separated sequence of "logger:level". Note that logger names are case sensitive. |

LoggingOperationalProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.logging.operations.max-file-count | 10 | integer | The maximum number of archive files to retain. |
| rsa.logging.operations.max-file-size | 10 | bytes | The maximum size each file is allowed to grow to |

MetricsAggregationProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.metrics.aggregation.enabled | true | boolean | Is the reporter enabled? |
| rsa.metrics.aggregation.filter-prefixes | | list | What to report? The default behavior is to report everything; to report only a selection of metrics, add their prefixes to this list. |
| rsa.metrics.aggregation.host | | string | The host name of the aggregator. |
| rsa.metrics.aggregation.interval | 1 | seconds | How often to report? |
| rsa.metrics.aggregation.port | 0 | integer | The port number. |

MetricsElasticProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.metrics.elastic.enabled | true | boolean | Is the reporter enabled? |

MetricsHistoricalProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.metrics.historical.enabled | true | boolean | Is the reporter enabled? |
| rsa.metrics.historical.filter-prefixes | | list | What to report? The default behavior is to report everything; to report only a selection of metrics, add their prefixes to this list. |
| rsa.metrics.historical.interval | 1 | seconds | How often to report? |
| rsa.metrics.historical.max-file-count | 10 | integer | The maximum number of archive files to retain. |
| rsa.metrics.historical.max-file-size | 10 | bytes | The maximum size each file is allowed to grow to |

MetricsJmxProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.metrics.jmx.enabled | true | boolean | Is the reporter enabled? |
| rsa.metrics.jmx.filter-prefixes | | list | What to report? The default behavior is to report everything; to report only a selection of metrics, add their prefixes to this list. |
| rsa.metrics.jmx.interval | 1 | seconds | How often to report? |

MetricsProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.metrics.profile-api-invocation | true | boolean | Profiles timing of all LaunchApi (com.rsa.asoc.launch.api.annotation.LaunchApi) methods. |

NotificationProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.notification.drain-at-shutdown | true | boolean | The flag to control if we drain the notification queue before shutdown. If there are a lot of pending notifications, this may cause noticeable delays in shutdown time, particularly if the deployment integration server is unavailable and each forward goes through the retry attempts. |
| rsa.notification.max-pending | 1000 | integer | The maximum number of notifications left pending. |
| rsa.notification.max-threads | 1 | integer | The size of the thread pool. |
| rsa.notification.retry-at-shutdown | true | boolean | The flag to control if we should retry failed notifications when the service is going down. This is true by default but can lead to delayed shutdowns if notifications cannot be forwarded. |
| rsa.notification.retry-attempts | | integer | The number of times we retry if a notification cannot be forwarded to the centralized notification service. The default setting is to never give up, but it can be changed to a smaller value (e.g. 10) if it is OK to drop some notifications. |
| rsa.notification.retry-delay | 10s | seconds | The delay between successive retry attempts. |

ProcessJvmMemoryProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.process.jvm.memory-thresholds.fatal-percent | 95 | integer | Percent of heap memory usage, above which JVM health is marked Fatal |
| rsa.process.jvm.memory-thresholds.warning-percent | 80 | integer | Percent of heap memory usage, above which JVM health is marked Unhealthy |

ProcessProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.process.shutdown-delay | 5 | seconds | The delay between a request to shut down and the eventual shutdown trigger. |

AuthenticationProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.security.authentication.prefetch-before | 5 | seconds | If service token prefetch is enabled, fetch the next token when this many seconds remain before the current token expires |
| rsa.security.authentication.prefetch-service-token | true | boolean | Prefetch service tokens before they expire |
| rsa.security.authentication.refresh-token-lifetime | 30 | seconds | The time-to-live on a refresh token. |
| rsa.security.authentication.remote-enabled | false | boolean | Support remote authentication. |
| rsa.security.authentication.remote-timeout | 30 | seconds | The time to wait for a response before failing a remote authentication. |
| rsa.security.authentication.token-lifetime | 8 | seconds | The time-to-live on a token. |
| rsa.security.authentication.trusted-channel-enabled | true | boolean | Support trusted channel authentication. |

AuthorizationProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.security.authorization.permission-cache-expiry | 15 | seconds | This property controls the cache expiry interval for the role-to-permissions mapping. |
| rsa.security.authorization.permission-cache-size | 100 | integer | This property controls the number of role definitions cached in the service. |
| rsa.security.authorization.permission-synchronization-retry-interval | 1 | seconds | This property controls how long to wait before retrying a failed permission synchronization attempt. |
| rsa.security.authorization.remote-enabled | true | boolean | This property controls if the service must synchronize its permissions to the deployment Security Server. |

CertificateAuthorityProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.security.ca.alias | Service CA | string | The alias for the CA keypair. |
| rsa.security.ca.auto-sign-operational-certificate | false | boolean | Should the service operational certificate be automatically signed by the embedded CA? |
| rsa.security.ca.certificate-lifetime | 1000 | seconds | The certificate validity lifetime |
| rsa.security.ca.issued-time-allowance | 10 | seconds | Allowance on the certificate issued time to tolerate some clock drift. |
| rsa.security.ca.store-certificates | false | boolean | Should the service store certificates it signs? |

PkiProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.security.pki.audit-tls-hand-shakes | true | boolean | Enables auditing of TLS handshakes |
| rsa.security.pki.ciphers | [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] | string[] | This property controls the list of SSL cipher suites used by the service. |
| rsa.security.pki.client-auth | | ssl$clientauth | This property controls the SSL client authentication preference. |
| rsa.security.pki.tls-protocols | | string[] | This property controls the TLS protocol versions supported by the applications. |
| rsa.security.pki.trust-synchronization-retry-interval | 1 | seconds | This property controls how long to wait before retrying a deployment trust synchronization attempt. |
| rsa.security.pki.use-deployment-trust | true | boolean | This property controls if the deployment security-server must be trusted. |
| rsa.security.pki.use-jvm-trust | false | boolean | This property controls if the JVM trust store should be used to validate peer certificates. |
| rsa.security.pki.verify-certificates | true | boolean | This property controls whether we must verify server certificates. |

ServiceAccountProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.security.serviceaccounts.auth-request-validity | 1 | seconds | Validity of the auth request |
| rsa.security.serviceaccounts.max-request-cache-size | 10000 | integer | Cache hashes of previously authenticated requests to prevent renegotiation attacks |
| rsa.security.serviceaccounts.min-interval-between-authentications | 30 | seconds | Minimum interval between authentications to prevent brute-force attacks |
| rsa.security.serviceaccounts.token-lifetime | 1 | seconds | The time-to-live for a service account token. |

TransportBusProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.transport.bus.advanced | | map | A map that holds any other RabbitProperties configuration |
| rsa.transport.bus.enabled | true | boolean | Defines if Bus is enabled |
| rsa.transport.bus.host | localhost | string | The connection host |
| rsa.transport.bus.max-consumers | 16 | integer | Maximum number of consumers reading the queues |
| rsa.transport.bus.message-prefetch | 1 | integer | Number of messages to be handled in a single request |
| rsa.transport.bus.min-consumers | 8 | integer | Minimum number of consumers reading the queues |
| rsa.transport.bus.password | | string | The connection password |
| rsa.transport.bus.port | 5672 | integer | The connection port |
| rsa.transport.bus.recovery-interval | 15 | seconds | The time to wait between attempts to recover a broken RabbitMQ broker connection. |
| rsa.transport.bus.reply-timeout | 15 | seconds | The time to wait for replies to arrive before giving up. AMQP is not connection-oriented so the absence of a service on the bus can only be determined by the absence of a reply. This timeout determines how long the framework waits before giving up. |
| rsa.transport.bus.secure | false | boolean | Use an SSL/TLS connection to the broker |
| rsa.transport.bus.shutdown-timeout | 5 | seconds | The time to wait for workers after the container is stopped, and before the connection is forced closed. If any workers are active when the shutdown signal comes they will be allowed to finish processing as long as they can finish within this timeout. Otherwise the connection is closed and messages remain unacked (if the channel is transactional). |
| rsa.transport.bus.username | | string | The connection user |
| rsa.transport.bus.virtual-host | /rsa/system | string | The connection virtual host |

TransportBusSubscriptionProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.transport.bus.subscription.subscribe-retry-interval | 5 | seconds | The interval to retry declaring the bindings for subscriptions if the exchange is unavailable or missing. |

TransportProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.transport.detailed-errors-enabled | false | boolean | A boolean indicating whether the server should return detailed errors that may contain additional implementation details. |

TransportHttpProperties

| Name | Default value | Type | Description |
|---|---|---|---|
| rsa.transport.http.access-token-headers | | string[] | Defines the HTTP headers to check for an access token |
| rsa.transport.http.basic-auth-enabled | false | boolean | Defines if web security basic authentication should be enabled. |
| rsa.transport.http.enabled | true | boolean | Defines if HTTP is enabled |
| rsa.transport.http.keep-alive-timeout | 60s | seconds | The number of seconds this Connector will wait for another HTTP request before closing the connection. Setting the value to 0 will indicate no (i.e. infinite) timeout. |
| rsa.transport.http.max-keep-alive-requests | 100 | integer | The maximum number of HTTP requests which can be pipelined until the connection is closed by the server. Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests. |
| rsa.transport.http.port | 8080 | short | Defines the HTTP port |
| rsa.transport.http.secure | true | boolean | Defines if HTTPS must be used |
| rsa.transport.http.session-id-random-algorithm | HMACDRBG | string | This property controls the algorithm to use for the SecureRandom used to generate HTTP session IDs. |
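
The following is an added example, not part of the original reference or of the product's own tooling: a small audit that overlays exported settings on the defaults listed above and reports every enabled channel whose `secure` flag is off, plus the certificate-verification and detailed-error switches. It assumes the settings are available as flat `key=value` lines (the page does not say how they are stored); `parse`, `audit` and the sample input are constructed for illustration.

```python
# Added example (not product code): flag settings from this reference that
# leave a channel unencrypted or unverified. Assumption: settings are exported
# as flat key=value lines. Defaults are copied from the tables on this page.
DEFAULTS = {
    "rsa.data.application.enabled": "false", "rsa.data.application.secure": "false",
    "rsa.data.application.auth-mechanism": "SCRAM",
    "rsa.data.control.enabled": "false", "rsa.data.control.secure": "false",
    "rsa.data.control.auth-mechanism": "SCRAM",
    "rsa.transport.bus.enabled": "true", "rsa.transport.bus.secure": "false",
    "rsa.logging.forward.enabled": "true", "rsa.logging.forward.secure": "false",
    "rsa.transport.http.enabled": "true", "rsa.transport.http.secure": "true",
    "rsa.security.pki.verify-certificates": "true",
    "rsa.transport.detailed-errors-enabled": "false",
}
CHANNELS = ("rsa.data.application", "rsa.data.control", "rsa.transport.bus",
            "rsa.logging.forward", "rsa.transport.http")

def parse(text):
    """Parse key=value lines; blank lines and # comments are ignored."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Return findings for the effective settings (defaults plus overrides)."""
    cfg = {**DEFAULTS, **parse(text)}
    on = lambda key: cfg[key].lower() == "true"
    findings = []
    for ch in CHANNELS:
        if not on(ch + ".enabled") or on(ch + ".secure"):
            continue  # disabled channels carry no traffic; secure ones use TLS
        findings.append(ch + ".secure: enabled without TLS")
        # SASL PLAIN sends the password itself, so it needs TLS underneath
        if cfg.get(ch + ".auth-mechanism", "").upper() == "PLAIN":
            findings.append(ch + ".auth-mechanism: PLAIN over a cleartext connection")
    if not on("rsa.security.pki.verify-certificates"):
        findings.append("rsa.security.pki.verify-certificates: server certificates not verified")
    if on("rsa.transport.detailed-errors-enabled"):
        findings.append("rsa.transport.detailed-errors-enabled: errors may expose implementation details")
    return findings

# Constructed sample overrides, not taken from a real deployment.
SAMPLE = """
rsa.data.application.enabled=true
rsa.data.application.auth-mechanism=PLAIN
rsa.transport.bus.secure=true
rsa.security.pki.verify-certificates=false
"""
```

Calling `audit("")` reports what the documented defaults alone leave unencrypted; `audit(SAMPLE)` shows how overrides change that picture.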