Configure XDR Proxy
Aerospike destination configuration
The Aerospike section configures the connection properties to the Aerospike cluster.
| Option | Required | Description |
|---|---|---|
| seeds | yes | List of Aerospike seed nodes to connect. See seeds. |
| credentials | no | Credentials to connect to the Aerospike Database. See credentials. |
| services | no | Service configuration. See services. |
| cluster-name | no | Aerospike cluster name if configured. |
| performance | no | Performance tuning parameters. See performance. |
| rack-id | no | Rack where the connector instance resides. |
| tls | no | Tls configuration. See TLS. |
Seeds Config
A map of Aerospike seed to its configuration.
| Option | Required | Default | Description |
|---|---|---|---|
| port | no | 3000 | Aerospike server port. |
| tls-name | no | TLS name of the Aerospike Database. |
Credentials Config
The credentials to connect to the Aerospike Database.
| Option | Required | Default | Description |
|---|---|---|---|
| username | yes | The username. | |
| password-file | yes | A file from which the password is read. Everything after the first newline is ignored. Trailing spaces in the first line are not ignored. | |
| auth-mode | no | internal | The authentication mode. Valid values are internal, external, external-insecure, pki. See auth-mode. |
Password File
A file from which the password is read. Everything after the first newline is ignored. Trailing spaces in the first line are not ignored.
Services Config
The service configuration.
| Option | Required | Default | Description |
|---|---|---|---|
| ip-map | no | no translation | The IP translation table. See ip map. |
| use-services-alternate | no | false | Use “services-alternate” instead of “services” in info request during cluster tending. |
IP Map Config
An IP translation table is a map of IP address to IP address, used in cases where different clients use different Database IP addresses. The key is the IP address returned from friend info requests to other servers. The value is the real IP address used to connect to the Database.
Performance Config
The performance tuning parameters.
| Option | Required | Default | Description |
|---|---|---|---|
| max-connections-per-node | no | 300 | Maximum number of connections allowed per Aerospike Database node |
| event-loop-size | no | # of processors | Number of event loops. |
TLS Config
The TLS config of the client.
| Option | Required | Default | Description |
|---|---|---|---|
| key-store | yes | Key store containing the Aerospike client certificate for mutual authentication. See TLS Store Config. | |
| trust-store | no | Default java trust store. | Trust store containing trusted CA certificate for Aerospike Database certificate. See TLS Store Config. |
| ciphers | no | default ciphers allowed by the JVM | Allowed list of TLS ciphers that clients can use for secure connections. |
| revoke-certificates | no | List of certificate serial numbers to reject. |
Sample TLS section with default trust store
tls: trust-store: defaultTLS Store Config
A TLS key/trust store.
| Option | Required | Default | Description |
|---|---|---|---|
| store-file | yes | Store file | |
| store-password-file | yes | Read store password from this file. | |
| key-password-file | no | Read key password from this file. | |
| store-type | no | JKS | Keystore type. Valid values are JKS, JCEKS, PKCS12, PKCS11, DKS, Windows_MY, BKS |
Example
aerospike: seeds: - 192.168.50.1: port: 3000 tls-name: red - 192.168.50.2 credentials: username: admin password-file: /path/to/password/file.txt auth-mode: internal services: ip-map: 192.168.50.1: 192.168.60.1 192.168.50.2: 192.168.60.2 use-services-alternate: false cluster-name: east performance: max-connections-per-node: 300 event-loop-size: 4 rack-id: 1 tls: key-store: store-file: /path/to/store/file store-password-file: /path/to/store/password/file key-password-file: /path/to/key/password/file store-type: JKS trust-store: store-file: /path/to/store/file store-password-file: /path/to/store/password/file key-password-file: /path/to/key/password/file store-type: JKS ciphers: - TLS_RSA_WITH_3DES_EDE_CBC_SHA revoke-certificates: - 12345678Specify rack ID
If the XDR proxy nodes are located on racks, specify the ID of the rack where this XDR proxy instance is located.
Example
Here is an example with the rack-id property. Also included is the example from the previous step:
aerospike: seeds: - 192.168.50.1: port: 3000 tls-name: red - 192.168.50.2 cluster-name: east rack-id: 1Timeouts
Specify timeouts applied to the Aerospike transactions.
| Property | Required | Default | Description |
|---|---|---|---|
socket-timeout | no | 30000 (30 seconds) | Socket idle timeout in milliseconds when processing a database command. |
total-timeout | no | 1000 (1 second) | Total transaction timeout in milliseconds. |
Example
Here is an example of the specifying socket-timeout and total-timeout.
aerospike: seeds: - 192.168.50.1: port: 3000 tls-name: red - 192.168.50.2 socket-timeout: 30000 total-timeout: 1000Boolean particle type
Specify particle types of boolean bins.
- If
true, boolean is stored on the Aerospike server with a boolean particle type (introduced in Aerospike Database 5.6). - If
false, boolean is stored on the Aerospike server with an integer particle type (1 or 0). Must be false for Database versions prior to 5.6 which do not support boolean bins.
| Property | Required | Default | Description |
|---|---|---|---|
use-bool-bin | no | false | Set this property to true if you would like boolean bins stored with boolean particle type in the Aerospike server. |
Example
Here is an example specifying use-bool-bin.
aerospike: seeds: - 192.168.50.1: port: 3000 tls-name: red - 192.168.50.2 use-bool-bin: false