The server properties file contains several properties
that define different settings for your server, such as trace settings,
logging, and security configuration. The server properties file is
used by the catalog service and container servers.
Sample server properties file
You can use the sampleServer.properties file
that is in the extremescale_root/properties directory
to create your properties file.
Specifying a server properties file
You can
specify the server properties file in one of the following ways. Specifying
a setting by using one of the items later in the list overrides the
previous setting. For example, if you specify a system property value
for the server properties file, the properties in that file override
the values in the
objectGridServer.properties file
that is in the classpath.
- As a well-named file in the classpath. If you put this well-named
file in the current directory, the file is not found unless the current
directory is in the classpath. The name that is used follows:
objectGridServer.properties
- As a system property in either a stand-alone or WebSphere® Application
Server configuration that specifies
a file in the system current directory. The file cannot be in the
classpath:
-Dobjectgrid.server.props=file_name
- As a parameter when you run the startOgServer command.
You can override these properties manually to specify a file in the
system current directory:
-serverProps file_name
- As a programmatic override using the ServerFactory.getServerProperties and ServerFactory.getCatalogServerProperties methods.
The data in the object is populated with the data from the properties
files.
Server properties
- General properties
- workingDirectory
- Specifies the location where the container server output is
written. When this value is not specified, the output is written to
a log directory within the current directory.
This property applies to both the container server and the catalog
service.
Default: no value
- traceSpec
- Enables trace and sets the trace specification string for the container
server. Trace is disabled by default. This property applies to both
the container server and the catalog service.
Default: *=all=disabled
- traceFile
- Specifies the name of the file to which trace information is written. This property
applies to both the container server and the catalog service.
- systemStreamToFileEnabled
- Enables the container to write the SystemOut, SystemErr, and trace
output to a file. If this property is set to false,
output is not written to a file and is instead written to the console.
Default: true
- enableMBeans
- Enables ObjectGrid container Managed Beans (MBean). This property
applies to both the container server and the catalog service.
Default: true
- serverName
- Sets the server name that is used to identify the server. This
property applies to both the container server and the catalog service.
- zoneName
- Sets the name of the zone to which the server belongs. This property
applies to both the container server and the catalog service.
- haManagerPort
- Synonymous with peer port. Specifies the port number the high
availability manager uses. If this property is not set, the catalog
service generates an available port automatically. This property applies
to both the container server and the catalog service.
- listenerHost
- Specifies the host name to which the Object Request Broker (ORB)
should bind. This property applies to both the container server and
the catalog service.
- listenerPort
- Specifies the port number to which the Object Request Broker (ORB)
should bind. This property applies to both the container server and
the catalog service.
- JMXServicePort
- Specifies the port number on which the MBean server should listen.
This property applies to both the container server and the catalog
service.
- Container server properties
- statsSpec
- Specifies the stats specification for the container server.
Example:
all=disabled
- memoryThresholdPercentage
- Sets the memory threshold for memory-based eviction. The percentage
specifies the maximum heap that should be used in the Java™ virtual
machine (JVM) before eviction occurs.
The default value is -1, which indicates that
the memory threshold is not set. If the memoryThresholdPercentage
property is set, the MemoryPoolMXBean value is set with the provided
value. See MemoryPoolMXBean interface in the Java API specification for more information.
However, eviction occurs only if eviction is enabled on an evictor.
To enable memory based eviction, see Evictors.
This property only applies to a container server.
- catalogServiceEndPoints
- Specifies the end points to connect to the catalog service cluster.
This value should be in the form host:port<,host:port> where
the host value is the listenerHost value and the port value is the
listenerPort value of the catalog server. This property only applies
to a container server.
- Catalog service properties
- domainName
- Specifies the domain name that is used to uniquely identify this
catalog service grid to clients when routing to multiple domains.
This property only applies to the catalog service.
- enableQuorum
- Enables quorum for the catalog service. Quorum is used to ensure
that a majority of the catalog service grid is available before allowing
modification to the placement of partitions on available container
servers. To enable quorum, set the value to true or enabled.
The default value is disabled. This property
only applies to the catalog service.
- catalogClusterEndpoints
- Specifies the catalog service grid end points for the catalog
service. This property specifies the catalog service end points to
start the catalog service grid. Use the following format:
serverName:hostName:clientPort:peerPort<serverName:hostName:clientPort:peerPort>
This
property only applies to the catalog service.
- heartBeatFrequencyLevel
- Specifies how often heartbeats occur. The heartbeat frequency
level is a trade-off between use of resources and failure discovery
time. The more frequently heartbeats occur, the more resources are used,
but failures are discovered more quickly. This property applies only
to the catalog service. Use one of the following values:
- 0: Specifies a heartbeat level at a typical
rate. With this value, failover detection occurs at a reasonable rate
without overusing resources. (Default)
- -1: Specifies an aggressive heartbeat level.
With this value, failures are detected more quickly, but additional
processor and network resources are used. This level is more sensitive
to missing heartbeats when the server is busy.
- 1: Specifies a relaxed heartbeat level.
With this value, a decreased heartbeat frequency increases the time
to detect failures, but also decreases processor and network use.
Security server properties
The server properties
file is also used to configure
eXtreme Scale server security.
You use a single server property file to specify both the basic properties
and security properties.
- General security properties
- securityEnabled
- Enables the container server security when set to true.
The default value is false. This property should
match the securityEnabled property that is specified in the objectGridSecurity.xml file
that is provided to the catalog server.
- credentialAuthentication
- Indicates whether this server supports credential authentication.
Choose one of the following values:
- Never: The server does not support credential
authentication.
- Supported: The server supports the credential
authentication if the client also supports credential authentication.
- Required: The client requires credential
authentication.
See Application client authentication for details about credential
authentication.
- Transport layer security settings
- transportType
- Specifies the server transport type. Use one of the following
values:
- TCP/IP: Indicates that the server only
supports TCP/IP connections.
- SSL-Supported: Indicates that the server
supports both TCP/IP and Secure Sockets Layer (SSL) connections. (Default)
- SSL-Required: Indicates that the server
requires SSL connections.
- SSL configuration properties
- alias
- Specifies the alias name in the key store. This property is used
if the key store has multiple key pair certificates and you want to
select one of the certificates.
Default: no value
- contextProvider
- Specifies the name of the context provider for the trust service.
If you indicate a value that is not valid, a security exception results
that indicates that the context provider type is incorrect.
Valid
values: IBMJSSE2, IBMJSSE, IBMJSSEFIPS,
and so on.
- protocol
- Indicates the type of security protocol to use for the client.
Set this protocol value based on which Java Secure
Socket Extension (JSSE) provider you use. If you indicate a value
that is not valid, a security exception results that indicates that
the protocol value is incorrect.
Valid values: SSL, SSLv2, SSLv3, TLS, TLSv1,
and so on.
- keyStoreType
- Indicates the type of key store. If you indicate a value that
is not valid, a runtime security exception results.
Valid values: JKS, JCEKS, PKCS12,
and so on.
- trustStoreType
- Indicates the type of trust store. If you indicate a value that
is not valid, a runtime security exception results.
Valid values: JKS, JCEKS, PKCS12,
and so on.
- keyStore
- Specifies a fully qualified path to the key store file.
Example:
etc/test/security/client.private
- trustStore
- Specifies a fully qualified path to the trust store file.
Example:
etc/test/security/server.public
- keyStorePassword
- Specifies the string password to the key store. You can encode
this value or use the actual value.
- trustStorePassword
- Specifies a string password to the trust store. You can encode
this value or use the actual value.
- clientAuthentication
- If the property is set to true, the SSL client must be authenticated.
Authenticating the SSL client is different from the client certificate
authentication. Client certificate authentication means authenticating
a client to a user registry based on the certificate chain. This property
ensures that the server connects to the right client.
- SecureTokenManager setting
- The SecureTokenManager setting is used for protecting the secret
string for server mutual authentications and for protecting the single
sign-on token. See Grid security.
- secureTokenManagerType
- Specifies the type of SecureTokenManager setting. You can use
one of the following settings:
- none: Indicates that no secure token manager
is used.
- default: Indicates that the token manager
that is supplied with the WebSphere eXtreme Scale product
is used. You must provide a SecureToken key store configuration.
- custom: Indicates that you have your own
token manager that you specified with the SecureTokenManager implementation
class.
- customTokenManagerClass
- Specifies the name of your SecureTokenManager implementation
class, if you have specified the secureTokenManagerType property value
as custom. The implementation class must have
a default constructor to be instantiated.
- customSecureTokenManagerProps
- Specifies the custom SecureTokenManager implementation class properties.
This property is used only if the secureTokenManagerType value is custom.
The value is set to the SecureTokenManager Object with the setProperties(String) method.
- Secure token key store configuration
- secureTokenKeyStore
- Specifies the file path name for the keystore that stores the
public-private key pair and the secret key.
- secureTokenKeyStoreType
- Specifies the keystore type, for example, JCEKS. You can set this
value based on the Java Secure
Socket Extension (JSSE) provider that you use. However, this keystore
must support secret keys.
- secureTokenKeyPairAlias
- Specifies the alias of the public-private key pair that is used
for signing and verifying.
- secureTokenKeyPairPassword
- Specifies the password to protect the key pair alias that is used
for signing and verifying.
- secureTokenSecretKeyAlias
- Specifies the secret key alias that is used for ciphering.
- secureTokenSecretKeyPassword
- Specifies the password to protect the secret key.
- secureTokenCipherAlgorithm
- Specifies the algorithm that is used for providing a cipher. You
can set this value based on the Java Secure
Socket Extension (JSSE) provider that you use.
- secureTokenSignAlgorithm
- Specifies the algorithm that is used for signing the object. You
can set this value based on the JSSE provider that you use.
- Authentication string
- authenticationSecret
- Specifies the secret string to challenge the server. When a server
starts, it must present this string to the president server or catalog
server. If the secret string matches what is in the president server,
this server is allowed to join in.
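
One way to check a server properties file against the security properties described above, as an added example that is not IBM's or the product's own code. The enforcing values chosen here (for instance SSL-Required rather than the SSL-Supported default) are a hardening assumption, and the function names and both sample files are constructed for illustration.

```python
# Added example: audit a server properties file for unenforced security settings.
# Defaults are the ones the page states; other keys have no documented default.
PAGE_DEFAULTS = {"securityEnabled": "false", "transportType": "SSL-Supported"}
# key -> (value that enforces the control, what any other value means)
ENFORCING = {
    "securityEnabled": ("true", "container server security is off"),
    "credentialAuthentication": ("Required", "credential authentication is not enforced"),
    "transportType": ("SSL-Required", "plain TCP/IP connections are still accepted"),
    "clientAuthentication": ("true", "SSL clients are not authenticated"),
}
SSL_ERA = {"ssl", "sslv2", "sslv3"}  # listed as valid on the page; superseded by TLS

def parse_properties(text):
    """Parse key=value or key:value lines; '#' and '!' start comments.
    Simplification: backslash continuations and escapes are not handled."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if cut > 0:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def audit(text):
    """Return [(key, problem)] for settings that leave a control unenforced."""
    props = {**PAGE_DEFAULTS, **parse_properties(text)}
    findings = []
    for key, (want, problem) in ENFORCING.items():
        got = props.get(key, "unset")
        if got.lower() != want.lower():  # assumption: values compare case-insensitively
            findings.append((key, f"{got}: {problem}"))
    if props.get("protocol", "").lower() in SSL_ERA:
        findings.append(("protocol", f"{props['protocol']}: SSL-era protocol selected"))
    if props.get("secureTokenManagerType", "").lower() == "none":
        findings.append(("secureTokenManagerType", "none: secret string and SSO token unprotected"))
    return findings

# Constructed sample inputs (not shipped with the product).
WEAK = ("transportType=TCP/IP\ncredentialAuthentication=Supported\n"
        "protocol=SSLv3\nsecureTokenManagerType=none\n")
HARDENED = ("securityEnabled=true\ncredentialAuthentication=Required\n"
            "transportType=SSL-Required\nclientAuthentication=true\n"
            "protocol=TLS\nsecureTokenManagerType=default\n")

if __name__ == "__main__":
    for key, problem in audit(WEAK):
        print(f"{key}: {problem}")
```

An empty file still produces findings, because the documented defaults leave securityEnabled at false and transportType at SSL-Supported.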