You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by li...@apache.org on 2022/05/17 09:06:46 UTC
[pulsar] branch master updated: [feature][doc] Add configs for full-support tls provider and managed cursor compression (#15210)
This is an automated email from the ASF dual-hosted git repository.
liuyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 56784091e78 [feature][doc] Add configs for full-support tls provider and managed cursor compression (#15210)
56784091e78 is described below
commit 56784091e7821abe4c8fb26c2d0f060cbfc7ee0b
Author: momo-jun <60...@users.noreply.github.com>
AuthorDate: Tue May 17 17:06:37 2022 +0800
[feature][doc] Add configs for full-support tls provider and managed cursor compression (#15210)
---
site2/docs/reference-configuration.md | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/site2/docs/reference-configuration.md b/site2/docs/reference-configuration.md
index c4a42240428..de89881c14b 100644
--- a/site2/docs/reference-configuration.md
+++ b/site2/docs/reference-configuration.md
@@ -152,6 +152,7 @@ Pulsar brokers are responsible for handling incoming messages from producers, di
|brokerServicePortTls| Broker data port for TLS |6651|
|webServicePort| Port to use to server HTTP request |8080|
|webServicePortTls| Port to use to server HTTPS request |8443|
+|webServiceTlsProvider | The TLS provider for the web service. Available values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
|webSocketServiceEnabled| Enable the WebSocket API service in broker |false|
|webSocketNumIoThreads|The number of IO threads in Pulsar Client used in WebSocket proxy.|Runtime.getRuntime().availableProcessors()|
|webSocketConnectionsPerBroker|The number of connections per Broker in Pulsar Client used in WebSocket proxy.|Runtime.getRuntime().availableProcessors()|
@@ -220,7 +221,7 @@ brokerServiceCompactionThresholdInBytes|If the estimated backlog size is greater
|tlsProtocols|Specify the tls protocols the broker will use to negotiate during TLS Handshake. Multiple values can be specified, separated by commas. Example:- ```TLSv1.3```, ```TLSv1.2``` ||
|tlsCiphers|Specify the tls cipher the broker will use to negotiate during TLS Handshake. Multiple values can be specified, separated by commas. Example:- ```TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256```||
|tlsEnabledWithKeyStore| Enable TLS with KeyStore type configuration in broker |false|
-|tlsProvider| TLS Provider for KeyStore type ||
+|tlsProvider| The TLS provider for the broker service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A
|tlsKeyStoreType| LS KeyStore type configuration in broker: JKS, PKCS12 |JKS|
|tlsKeyStore| TLS KeyStore path in broker ||
|tlsKeyStorePassword| TLS KeyStore password for broker ||
@@ -246,7 +247,7 @@ brokerServiceCompactionThresholdInBytes|If the estimated backlog size is greater
|maxUnackedMessagesPerConsumer| Max number of unacknowledged messages allowed to receive messages by a consumer on a shared subscription. Broker will stop sending messages to consumer once, this limit reaches until consumer starts acknowledging messages back. Using a value of 0, is disabling unackeMessage limit check and consumer can receive messages without any restriction |50000|
|maxUnackedMessagesPerSubscription| Max number of unacknowledged messages allowed per shared subscription. Broker will stop dispatching messages to all consumers of the subscription once this limit reaches until consumer starts acknowledging messages back and unack count reaches to limit/2. Using a value of 0, is disabling unackedMessage-limit check and dispatcher can dispatch messages without any restriction |200000|
|subscriptionRedeliveryTrackerEnabled| Enable subscription message redelivery tracker |true|
-|subscriptionExpirationTimeMinutes | How long to delete inactive subscriptions from last consuming. <br/><br/>Setting this configuration to a value **greater than 0** deletes inactive subscriptions automatically.<br/>Setting this configuration to **0** does not delete inactive subscriptions automatically. <br/><br/> Since this configuration takes effect on all topics, if there is even one topic whose subscriptions should not be deleted automatically, you need to set it to 0. <br/>Instead [...]
+|subscriptionExpirationTimeMinutes | How long to delete inactive subscriptions from last consuming. <br /><br />Setting this configuration to a value **greater than 0** deletes inactive subscriptions automatically.<br />Setting this configuration to **0** does not delete inactive subscriptions automatically. <br /><br /> Since this configuration takes effect on all topics, if there is even one topic whose subscriptions should not be deleted automatically, you need to set it to 0. <br />I [...]
|maxConcurrentLookupRequest| Max number of concurrent lookup request broker allows to throttle heavy incoming lookup traffic |50000|
|maxConcurrentTopicLoadRequest| Max number of concurrent topic loading request broker allows to control number of zk-operations |5000|
|authenticationEnabled| Enable authentication |false|
@@ -386,6 +387,7 @@ brokerServiceCompactionThresholdInBytes|If the estimated backlog size is greater
| enableExposingBrokerEntryMetadataToClient|Whether to expose broker entry metadata to client or not.<br /><br />Available values:<li>true</li><li>false</li><br />Example<br />enableExposingBrokerEntryMetadataToClient=true | false |
| metricsBufferResponse | The configuration is for those broker which there are more than one metrics system access the `/metrics` endpoint. For the purpose of reduce `CPU` and `Memory` usage, metrics data will be generated once in the interval(`managedLedgerStatsPeriodSeconds`) and it will be cached, all `/metrics` requests in the `interval` will return same metrics | false |
| strictBookieAffinityEnabled | Enable or disable the strict bookie isolation strategy. If enabled, <br /> - `bookie-ensemble` first tries to choose bookies that belong to a namespace's affinity group. If the number of bookies is not enough, then the rest bookies are chosen. <br /> - If namespace has no affinity group, `bookie-ensemble` only chooses bookies that belong to no region. If the number of bookies is not enough, `BKNotEnoughBookiesException` is thrown.| false |
+|managedCursorInfoCompressionType | The compression type of managed cursor information. <br />Available options are `NONE`, `LZ4`, `ZLIB`, `ZSTD`, and `SNAPPY`). <br />If this value is `NONE`, managed cursor information is not compressed. | NONE
#### Deprecated parameters of Broker
@@ -482,6 +484,7 @@ You can set the log level and configuration in the [log4j2.yaml](https://github
|configurationMetadataStoreUrl| Configuration store connection string (as a comma-separated list) ||
|brokerServicePort| The port on which the standalone broker listens for connections |6650|
|webServicePort| The port used by the standalone broker for HTTP requests |8080|
+|webServiceTlsProvider | The TLS provider for the web service. Available values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
|bindAddress| The hostname or IP address on which the standalone service binds |0.0.0.0|
|bindAddresses| Additional Hostname or IP addresses the service binds on: `listener_name:scheme://host:port,...`. ||
|advertisedAddress| The hostname or IP address that the standalone service advertises to the outside world. If not set, the value of `InetAddress.getLocalHost().getHostName()` is used. ||
@@ -569,7 +572,7 @@ You can set the log level and configuration in the [log4j2.yaml](https://github
| tlsCiphers | Specify the TLS cipher the broker uses to negotiate during TLS Handshake. | |
| tlsRequireTrustedClientCertOnConnect | Trusted client certificates are required for to connect TLS. Reject the Connection if the client certificate is not trusted. In effect, this requires that all connecting clients perform TLS client authentication. | false |
| tlsEnabledWithKeyStore | Enable TLS with KeyStore type configuration in broker. | false |
-| tlsProvider | TLS Provider for KeyStore type. | |
+|tlsProvider| The TLS provider for the broker service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A
| tlsKeyStoreType | TLS KeyStore type configuration in the broker.<li>JKS <li>PKCS12 |JKS|
| tlsKeyStore | TLS KeyStore path in the broker. | |
| tlsKeyStorePassword | TLS KeyStore password for the broker. | |
@@ -717,6 +720,8 @@ You can set the log level and configuration in the [log4j2.yaml](https://github
|isAllowAutoUpdateSchemaEnabled|Allow schema to be auto updated at broker level.|true|
|schemaCompatibilityStrategy| The schema compatibility strategy at broker level, see [here](schema-evolution-compatibility.md#schema-compatibility-check-strategy) for available values.|FULL|
|systemTopicSchemaCompatibilityStrategy| The schema compatibility strategy is used for system topics, see [here](schema-evolution-compatibility.md#schema-compatibility-check-strategy) for available values.|ALWAYS_COMPATIBLE|
+|managedCursorInfoCompressionType | The compression type of managed cursor information. <br />Available options are `NONE`, `LZ4`, `ZLIB`, `ZSTD`, and `SNAPPY`). <br />If this value is `NONE`, managed cursor information is not compressed. | NONE
+
#### Deprecated parameters of standalone Pulsar
The following parameters have been deprecated in the `conf/standalone.conf` file.
@@ -756,6 +761,8 @@ The following parameters have been deprecated in the `conf/standalone.conf` file
|tlsCertificateFilePath|||
|tlsKeyFilePath |||
|tlsTrustCertsFilePath|||
+|tlsProvider | The TLS provider for websocket. Available values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
+
#### Deprecated parameters of WebSocket
The following parameters have been deprecated in the `conf/websocket.conf` file.
@@ -810,6 +817,7 @@ The [Pulsar proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
|tlsRequireTrustedClientCertOnConnect| Whether client certificates are required for TLS. Connections are rejected if the client certificate isn’t trusted. |false|
|tlsProtocols|Specify the tls protocols the broker will use to negotiate during TLS Handshake. Multiple values can be specified, separated by commas. Example:- ```TLSv1.3```, ```TLSv1.2``` ||
|tlsCiphers|Specify the tls cipher the broker will use to negotiate during TLS Handshake. Multiple values can be specified, separated by commas. Example:- ```TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256```||
+|tlsProvider| The TLS provider for the broker service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A
| httpReverseProxyConfigs | HTTP directs to redirect to non-pulsar services | |
| httpOutputBufferSize | HTTP output buffer size. The amount of data that will be buffered for HTTP requests before it is flushed to the channel. A larger buffer size may result in higher HTTP throughput though it may take longer for the client to see data. If using HTTP streaming via the reverse proxy, this should be set to the minimum value (1) so that clients see the data as soon as possible. | 32768 |
| httpNumThreads | Number of threads to use for HTTP requests processing| 2 * Runtime.getRuntime().availableProcessors() |
@@ -822,6 +830,8 @@ The [Pulsar proxy](concepts-architecture-overview.md#pulsar-proxy) can be config
|haProxyProtocolEnabled | Enable or disable the [HAProxy](http://www.haproxy.org/) protocol. |false|
| numIOThreads | Number of threads used for Netty IO. | 2 * Runtime.getRuntime().availableProcessors() |
| numAcceptorThreads | Number of threads used for Netty Acceptor. | 1 |
+|webServiceTlsProvider | The TLS provider for the web service. Available values: `SunJSSE`, `Conscrypt`, and so on. | Conscrypt |
+
#### Deprecated parameters of Pulsar proxy
The following parameters have been deprecated in the `conf/proxy.conf` file.