a9s Messaging SPI Configuration
This document describes a9s Messaging SPI configuration.
Custom Parameter Configuration
The a9s Messaging SPI handles custom parameters for all service instances. It does configuration and validation of custom parameters.
The a9s Messaging SPI defines default values for certain custom parameters. Also, it defines whether a custom parameter can be set by the application developer.
The platform operator can overwrite those choices by changing the a9s Messaging
SPI configuration. The platform operator has to configure the property
rabbitmq-spi.service_instance.custom_param_config. The property
value must be a hash. Every key in that hash stands for a custom parameter and
the value for every key contains the configuration for that particular
parameter. The configuration for a particular param is a hash consisting of
the following optional keys: default_value and modifiable.
The key default_value specifies the default value for that parameter and
modifiable specifies whether the application developer is allowed to
set that custom parameter. For example:
rabbitmq-spi:
service_instance:
custom_param_config:
consumer_timeout:
default_value: 2500000
modifiable: false
Default Custom Parameter Configuration
The following table contains custom parameters that are configurable by the platform operator. The meaning of those custom parameters can be read in the application developer documentation for a9s Messaging.
| Name | Default value | Is modifiable |
|---|---|---|
consumer_timeout | 1800000 | true |
plugins | null | true |
audit-log-endpoint | null | false |
audit-log-ca-crt | null | false |
tls-protocols
The parameter tls-protocols maps to the RabbitMQ configuration
parameter ssl_options.versions, see Limiting TLS Versions Used by the Server.
The value for tls-protocols must be an array with the values tlsv1.3 and/or tlsv1.2.
tls-ciphers
The parameter tls-ciphers maps to the RabbitMQ configuration
parameter ssl_options.ciphers, see Configuring Cipher Suites.
The value for tls-ciphers must be an array of strings that list the cipher names.
a9s Messaging SPI does no validation for the tls-ciphers value except that
it must be an array of strings or null.
audit-log-endpoint
The parameter audit-log-endpoint is used to enable the a9s Messaging Audit log
feature.
The parameter represents the Syslog Service (e.g. a9s LogMe2) endpoint in the
format <schema>://<address>:<port>.
The <schema> value signifies the protocol type, adhering to the following specified format.
| Schema Name | Description | Example |
|---|---|---|
syslog-tls | TCP with TLS. It may be necessary to pass the Certificate Authority (CA) via audit-log-ca-crt | syslog-tls://syslog-domain:6514 |
syslog-tcp | TCP | syslog-tcp://syslog-domain:6514 |
The UDP protocol is not supported.
audit-log-ca-crt
The audit-log-ca-crt parameter is employed in conjunction with the audit-log-endpoint.
This parameter represents the Certificate Authority (CA) for the Syslog endpoint service, becoming necessary when TLS
is enabled, particularly if the VM streaming the Audit logs does not inherently trust the Syslog Service CA.
Example Configuration
Let's build an imaginary example.
The default value for the consuimer_timeout custom parameter should be 2000000.
The custom parameter plugins should have a default value
of ['rabbitmq_mqtt'] and the application developer should not be allowed to
change it.
Then the configuration must look the following way:
rabbitmq-spi:
service_instance:
custom_param_config:
consumer_timeout:
default_value: 2000000
modifiable: true
plugins:
default_value: ['rabbitmq_mqtt']
modifiable: false
Per Plan Configuration
Take a look at Service Plans documentation if you want to configure the custom parameters per plan.
Notes
Additional custom parameters will be made available over time. We do not make all available custom parameters the SPIs know available to the platform operator from the beginning.
During the SPI startup, the configuration the platform operator made will be checked. When it's invalid, the SPI will not start up.
rabbitmq-spi.protocols
For more details on this property, please refer to the a9s Framework TLS configuration documentation.