# Configure XDR Proxy

## Aerospike destination configuration

The Aerospike section configures the connection properties to the Aerospike cluster.

| Option | Required | Description |
| --- | --- | --- |
| seeds | yes | List of Aerospike seed nodes to connect. See [seeds](#seeds-config). |
| credentials | no | Credentials to connect to the Aerospike Database. See [credentials](#credentials-config). |
| services | no | Service configuration. See [services](#services-config). |
| cluster-name | no | Aerospike cluster name if configured. |
| performance | no | Performance tuning parameters. See [performance](#performance-config). |
| rack-id | no | Rack where the connector instance resides. |
| tls | no | Tls configuration. See [TLS](#tls-config). |

## Seeds Config

A map of Aerospike seed to its configuration.

| Option | Required | Default | Description |
| --- | --- | --- | --- |
| port | no | 3000 | Aerospike server port. |
| tls-name | no |  | TLS name of the Aerospike Database. |

## Credentials Config

The credentials to connect to the Aerospike Database.

| Option | Required | Default | Description |
| --- | --- | --- | --- |
| username | yes |  | The username. |
| password-file | yes |  | A file from which the password is read. Everything after the first newline is ignored. Trailing spaces in the first line are not ignored. |
| auth-mode | no | `internal` | The authentication mode. Valid values are `internal`,  
`external`, `external-insecure`, `pki`. See [auth-mode](https://aerospike.com/docs/database/reference/config#xdr__auth-mode). |

## Password File

A file from which the password is read. Everything after the first newline is ignored. Trailing spaces in the first line are not ignored.

## Services Config

The service configuration.

| Option | Required | Default | Description |
| --- | --- | --- | --- |
| ip-map | no | no translation | The IP translation table. See [ip map](#ip-map-config). |
| use-services-alternate | no | false | Use “services-alternate” instead of “services” in info request during cluster tending. |

## IP Map Config

An IP translation table is a map of IP address to IP address, used in cases where different clients use different Database IP addresses. The key is the IP address returned from friend info requests to other servers. The value is the real IP address used to connect to the Database.

## Performance Config

The performance tuning parameters.

| Option | Required | Default | Description |
| --- | --- | --- | --- |
| max-connections-per-node | no | 300 | Maximum number of connections allowed per Aerospike Database node |
| event-loop-size | no | \# of processors | Number of event loops. |

## TLS Config

The TLS config of the client.

| Option | Required | Default | Description |
| --- | --- | --- | --- |
| key-store | yes |  | Key store containing the Aerospike client certificate for mutual authentication. See [TLS Store Config](#tls-store-config). |
| trust-store | no | Default java trust store. | Trust store containing trusted CA certificate for Aerospike Database certificate. See [TLS Store Config](#tls-store-config). |
| ciphers | no | default ciphers allowed by the JVM | Allowed list of TLS ciphers that clients can use for secure connections. |
| revoke-certificates | no |  | List of certificate serial numbers to reject. |
| cert-refresh-interval-ms | no |  | Specifies interval in milliseconds to check for updates in configured tls files. If empty, certificate refresh will not be applied. |

### Sample TLS section with default trust store

```plaintext
tls:

    trust-store: default
```

## TLS Store Config

A TLS key/trust store.

| Option | Required | Default | Description |
| --- | --- | --- | --- |
| store-file | yes |  | Store file |
| store-password-file | yes |  | Read store password from this file. |
| key-password-file | no |  | Read key password from this file. |
| store-type | no | JKS | Keystore type. Valid values are JKS, JCEKS, PKCS12, PKCS11, DKS, Windows\_MY, BKS |

### Example

```plaintext
aerospike:

  seeds:

    - 192.168.50.1:

        port: 3000

        tls-name: red

    - 192.168.50.2

  credentials:

    username: admin

    password-file: /path/to/password/file.txt

    auth-mode: internal

  services:

    ip-map:

      192.168.50.1: 192.168.60.1

      192.168.50.2: 192.168.60.2

    use-services-alternate: false

  cluster-name: east

  performance:

    max-connections-per-node: 300

    event-loop-size: 4

  rack-id: 1

  tls:

    key-store:

      store-file: /path/to/store/file

      store-password-file: /path/to/store/password/file

      key-password-file: /path/to/key/password/file

      store-type: JKS

    trust-store:

      store-file: /path/to/store/file

      store-password-file: /path/to/store/password/file

      key-password-file: /path/to/key/password/file

      store-type: JKS

    ciphers:

      - TLS_RSA_WITH_3DES_EDE_CBC_SHA

    revoke-certificates:

      - 12345678
```

## Specify rack ID

If the XDR proxy nodes are located on racks, specify the ID of the rack where this XDR proxy instance is located.

### Example

Here is an example with the `rack-id` property. Also included is the example from the previous step:

```yaml
aerospike:

  seeds:

    - 192.168.50.1:

        port: 3000

        tls-name: red

    - 192.168.50.2

  cluster-name: east

  rack-id: 1
```

## Timeouts

Specify timeouts applied to the Aerospike transactions.

| Property | Required | Default | Description |
| --- | --- | --- | --- |
| `socket-timeout` | no | 30000 (30 seconds) | Socket idle timeout in milliseconds when processing a database command. |
| `total-timeout` | no | 1000 (1 second) | Total transaction timeout in milliseconds. |

### Example

Here is an example of the specifying `socket-timeout` and `total-timeout`.

```yaml
aerospike:

  seeds:

    - 192.168.50.1:

        port: 3000

        tls-name: red

    - 192.168.50.2

  socket-timeout: 30000

  total-timeout: 1000
```

## Boolean particle type

Specify particle types of boolean bins.

-   If `true`, boolean is stored on the Aerospike server with a boolean particle type (introduced in Aerospike Database 5.6.0).
-   If `false`, boolean is stored on the Aerospike server with an integer particle type (1 or 0). Must be false for Database versions prior to 5.6.0 which do not support boolean bins.

| Property | Required | Default | Description |
| --- | --- | --- | --- |
| `use-bool-bin` | no | false | Set this property to true if you would like boolean bins stored with boolean particle type in the Aerospike server. |

### Example

Here is an example specifying `use-bool-bin`.

```yaml
aerospike:

  seeds:

    - 192.168.50.1:

        port: 3000

        tls-name: red

    - 192.168.50.2

  use-bool-bin: false
```