kko.pekko-remote_2.12.1.1.3.source-code.reference.conf Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pekko-remote_2.12 Show documentation
Show all versions of pekko-remote_2.12 Show documentation
Apache Pekko is a toolkit for building highly concurrent, distributed, and resilient message-driven applications for Java and Scala.
The newest version!
# SPDX-License-Identifier: Apache-2.0
#//#shared
######################################
# Pekko Remote Reference Config File #
######################################
# This is the reference config file that contains all the default settings.
# Make your edits/overrides in your application.conf.
# comments about pekko.actor settings left out where they are already in pekko-
# actor.jar, because otherwise they would be repeated in config rendering.
#
# For the configuration of the new remoting implementation (Artery) please look
# at the bottom section of this file as it is listed separately.
pekko {
actor {
serializers {
pekko-containers = "org.apache.pekko.remote.serialization.MessageContainerSerializer"
pekko-misc = "org.apache.pekko.remote.serialization.MiscMessageSerializer"
artery = "org.apache.pekko.remote.serialization.ArteryMessageSerializer"
proto = "org.apache.pekko.remote.serialization.ProtobufSerializer"
daemon-create = "org.apache.pekko.remote.serialization.DaemonMsgCreateSerializer"
pekko-system-msg = "org.apache.pekko.remote.serialization.SystemMessageSerializer"
}
serialization-bindings {
"org.apache.pekko.actor.ActorSelectionMessage" = pekko-containers
"org.apache.pekko.remote.DaemonMsgCreate" = daemon-create
"org.apache.pekko.remote.artery.ArteryMessage" = artery
"org.apache.pekko.protobufv3.internal.GeneratedMessageV3" = proto
# Since com.google.protobuf.Message does not extend Serializable but
# GeneratedMessage does, need to use the more specific one here in order
# to avoid ambiguity.
# This com.google.protobuf serialization binding is only used if the class can be loaded,
# i.e. com.google.protobuf dependency has been added in the application project.
"com.google.protobuf.GeneratedMessage" = proto
"com.google.protobuf.GeneratedMessageV3" = proto
"org.apache.pekko.actor.Identify" = pekko-misc
"org.apache.pekko.actor.ActorIdentity" = pekko-misc
"scala.Some" = pekko-misc
"scala.None$" = pekko-misc
"java.util.Optional" = pekko-misc
"org.apache.pekko.actor.Status$Success" = pekko-misc
"org.apache.pekko.actor.Status$Failure" = pekko-misc
"org.apache.pekko.actor.ActorRef" = pekko-misc
"org.apache.pekko.actor.PoisonPill$" = pekko-misc
"org.apache.pekko.actor.Kill$" = pekko-misc
"org.apache.pekko.remote.RemoteWatcher$Heartbeat$" = pekko-misc
"org.apache.pekko.remote.RemoteWatcher$HeartbeatRsp" = pekko-misc
"org.apache.pekko.Done" = pekko-misc
"org.apache.pekko.NotUsed" = pekko-misc
"org.apache.pekko.actor.Address" = pekko-misc
"org.apache.pekko.remote.UniqueAddress" = pekko-misc
"org.apache.pekko.actor.ActorInitializationException" = pekko-misc
"org.apache.pekko.actor.IllegalActorStateException" = pekko-misc
"org.apache.pekko.actor.ActorKilledException" = pekko-misc
"org.apache.pekko.actor.InvalidActorNameException" = pekko-misc
"org.apache.pekko.actor.InvalidMessageException" = pekko-misc
"java.util.concurrent.TimeoutException" = pekko-misc
"org.apache.pekko.remote.serialization.ThrowableNotSerializableException" = pekko-misc
"org.apache.pekko.actor.LocalScope$" = pekko-misc
"org.apache.pekko.remote.RemoteScope" = pekko-misc
"com.typesafe.config.impl.SimpleConfig" = pekko-misc
"com.typesafe.config.Config" = pekko-misc
"org.apache.pekko.routing.FromConfig" = pekko-misc
"org.apache.pekko.routing.DefaultResizer" = pekko-misc
"org.apache.pekko.routing.BalancingPool" = pekko-misc
"org.apache.pekko.routing.BroadcastGroup" = pekko-misc
"org.apache.pekko.routing.BroadcastPool" = pekko-misc
"org.apache.pekko.routing.RandomGroup" = pekko-misc
"org.apache.pekko.routing.RandomPool" = pekko-misc
"org.apache.pekko.routing.RoundRobinGroup" = pekko-misc
"org.apache.pekko.routing.RoundRobinPool" = pekko-misc
"org.apache.pekko.routing.ScatterGatherFirstCompletedGroup" = pekko-misc
"org.apache.pekko.routing.ScatterGatherFirstCompletedPool" = pekko-misc
"org.apache.pekko.routing.SmallestMailboxPool" = pekko-misc
"org.apache.pekko.routing.TailChoppingGroup" = pekko-misc
"org.apache.pekko.routing.TailChoppingPool" = pekko-misc
"org.apache.pekko.remote.routing.RemoteRouterConfig" = pekko-misc
"org.apache.pekko.pattern.StatusReply" = pekko-misc
"org.apache.pekko.dispatch.sysmsg.SystemMessage" = pekko-system-msg
# Java Serializer is by default used for exceptions and will by default
# not be allowed to be serialized, but in certain cases they are replaced
# by `org.apache.pekko.remote.serialization.ThrowableNotSerializableException` if
# no specific serializer has been defined:
# - when wrapped in `org.apache.pekko.actor.Status.Failure` for ask replies
# - when wrapped in system messages for exceptions from remote deployed child actors
#
# It's recommended that you implement custom serializer for exceptions that are
# sent remotely, You can add binding to pekko-misc (MiscMessageSerializer) for the
# exceptions that have a constructor with single message String or constructor with
# message String as first parameter and cause Throwable as second parameter. Note that it's not
# safe to add this binding for general exceptions such as IllegalArgumentException
# because it may have a subclass without required constructor.
"java.lang.Throwable" = java
}
serialization-identifiers {
"org.apache.pekko.remote.serialization.ProtobufSerializer" = 2
"org.apache.pekko.remote.serialization.DaemonMsgCreateSerializer" = 3
"org.apache.pekko.remote.serialization.MessageContainerSerializer" = 6
"org.apache.pekko.remote.serialization.MiscMessageSerializer" = 16
"org.apache.pekko.remote.serialization.ArteryMessageSerializer" = 17
"org.apache.pekko.remote.serialization.SystemMessageSerializer" = 22
# deprecated in Akka 2.6.0, moved to pekko-actor
"org.apache.pekko.remote.serialization.LongSerializer" = 18
# deprecated in Akka 2.6.0, moved to pekko-actor
"org.apache.pekko.remote.serialization.IntSerializer" = 19
# deprecated in Akka 2.6.0, moved to pekko-actor
"org.apache.pekko.remote.serialization.StringSerializer" = 20
# deprecated in Akka 2.6.0, moved to pekko-actor
"org.apache.pekko.remote.serialization.ByteStringSerializer" = 21
}
deployment {
default {
# if this is set to a valid remote address, the named actor will be
# deployed at that node e.g. "pekko://sys@host:port"
remote = ""
target {
# A list of hostnames and ports for instantiating the children of a
# router
# The format should be on "pekko://sys@host:port", where:
# - sys is the remote actor system name
# - hostname can be either hostname or IP address the remote actor
# should connect to
# - port should be the port for the remote server on the other node
# The number of actor instances to be spawned is still taken from the
# nr-of-instances setting as for local routers; the instances will be
# distributed round-robin among the given nodes.
nodes = []
}
}
}
}
remote {
### Settings shared by classic remoting and Artery (the new implementation of remoting)
# Using remoting directly is typically not desirable, so a warning will
# be shown to make this clear. Set this setting to 'off' to suppress that
# warning.
warn-about-direct-use = on
# If Cluster is not used, remote watch and deployment are disabled.
# To optionally use them while not using Cluster, set to 'on'.
use-unsafe-remote-features-outside-cluster = off
# A warning will be logged on remote watch attempts if Cluster
# is not in use and 'use-unsafe-remote-features-outside-cluster'
# is 'off'. Set this to 'off' to suppress these.
warn-unsafe-watch-outside-cluster = on
# When receiving requests from other remote actors, what are the valid
# prefixes to check against. Useful for when dealing with rolling cluster
# migrations with compatible systems such as Lightbend's Akka.
# By default, we only support "pekko" protocol.
# If you want to also support Akka, change this config to:
# pekko.remote.accept-protocol-names = ["pekko", "akka"]
# A ConfigurationException will be thrown at runtime if the array is empty
# or contains values other than "pekko" and/or "akka".
accept-protocol-names = ["pekko"]
# The protocol name to use when sending requests to other remote actors.
# Useful when dealing with rolling migration, i.e. temporarily change
# the protocol name to match another compatible actor implementation
# such as Lightbend's "akka" (whilst making sure accept-protocol-names
# contains "akka") so that you can gracefully migrate all nodes to Apache
# Pekko and then change the protocol-name back to "pekko" once all
# nodes have been are running on Apache Pekko.
# A ConfigurationException will be thrown at runtime if the value is not
# set to "pekko" or "akka".
protocol-name = "pekko"
# When pekko.remote.accept-protocol-names contains "akka", then we
# need to know the Akka version. If you include the Akka jars on the classpath,
# we can use the akka.version from their configuration. This configuration
# setting is only used if we can't find an akka.version setting.
akka.version = "2.6.21"
# Settings for the Phi accrual failure detector (http://www.jaist.ac.jp/~defago/files/pdf/IS_RR_2004_010.pdf
# [Hayashibara et al]) used for remote death watch.
# The default PhiAccrualFailureDetector will trigger if there are no heartbeats within
# the duration heartbeat-interval + acceptable-heartbeat-pause + threshold_adjustment,
# i.e. around 12.5 seconds with default settings.
watch-failure-detector {
# FQCN of the failure detector implementation.
# It must implement org.apache.pekko.remote.FailureDetector and have
# a public constructor with a com.typesafe.config.Config and
# org.apache.pekko.actor.EventStream parameter.
implementation-class = "org.apache.pekko.remote.PhiAccrualFailureDetector"
# How often keep-alive heartbeat messages should be sent to each connection.
heartbeat-interval = 1 s
# Defines the failure detector threshold.
# A low threshold is prone to generate many wrong suspicions but ensures
# a quick detection in the event of a real crash. Conversely, a high
# threshold generates fewer mistakes but needs more time to detect
# actual crashes.
threshold = 10.0
# Number of the samples of inter-heartbeat arrival times to adaptively
# calculate the failure timeout for connections.
max-sample-size = 200
# Minimum standard deviation to use for the normal distribution in
# AccrualFailureDetector. Too low standard deviation might result in
# too much sensitivity for sudden, but normal, deviations in heartbeat
# inter arrival times.
min-std-deviation = 100 ms
# Number of potentially lost/delayed heartbeats that will be
# accepted before considering it to be an anomaly.
# This margin is important to be able to survive sudden, occasional,
# pauses in heartbeat arrivals, due to for example garbage collect or
# network drop.
acceptable-heartbeat-pause = 10 s
# How often to check for nodes marked as unreachable by the failure
# detector
unreachable-nodes-reaper-interval = 1s
# After the heartbeat request has been sent the first failure detection
# will start after this period, even though no heartbeat message has
# been received.
expected-response-after = 1 s
}
# remote deployment configuration section
deployment {
# deprecated, use `enable-allow-list`
enable-whitelist = off
# If true, will only allow specific classes listed in `allowed-actor-classes` to be instantiated on this
# system via remote deployment
enable-allow-list = ${pekko.remote.deployment.enable-whitelist}
# deprecated, use `allowed-actor-classes`
whitelist = []
allowed-actor-classes = ${pekko.remote.deployment.whitelist}
}
### Default dispatcher for the remoting subsystem
default-remote-dispatcher {
type = Dispatcher
executor = "fork-join-executor"
fork-join-executor {
parallelism-min = 2
parallelism-factor = 0.5
parallelism-max = 16
}
throughput = 10
}
#//#shared
}
}
pekko {
remote {
#//#classic
classic {
### Configuration for classic remoting. Classic remoting is deprecated, use artery.
# Used as part of the Actor name for the Protocol Manager.
manager-name-prefix = "pekkoprotocolmanager"
# If set to a nonempty string remoting will use the given dispatcher for
# its internal actors otherwise the default dispatcher is used. Please note
# that since remoting can load arbitrary 3rd party drivers (see
# "enabled-transport" and "adapters" entries) it is not guaranteed that
# every module will respect this setting.
use-dispatcher = "pekko.remote.default-remote-dispatcher"
# Settings for the failure detector to monitor connections.
# For TCP it is not important to have fast failure detection, since
# most connection failures are captured by TCP itself.
# The default DeadlineFailureDetector will trigger if there are no heartbeats within
# the duration heartbeat-interval + acceptable-heartbeat-pause, i.e. 124 seconds
# with the default settings.
transport-failure-detector {
# FQCN of the failure detector implementation.
# It must implement org.apache.pekko.remote.FailureDetector and have
# a public constructor with a com.typesafe.config.Config and
# org.apache.pekko.actor.EventStream parameter.
implementation-class = "org.apache.pekko.remote.DeadlineFailureDetector"
# How often keep-alive heartbeat messages should be sent to each connection.
heartbeat-interval = 4 s
# Number of potentially lost/delayed heartbeats that will be
# accepted before considering it to be an anomaly.
# A margin to the `heartbeat-interval` is important to be able to survive sudden,
# occasional, pauses in heartbeat arrivals, due to for example garbage collect or
# network drop.
acceptable-heartbeat-pause = 120 s
}
# Timeout after which the startup of the remoting subsystem is considered
# to be failed. Increase this value if your transport drivers (see the
# enabled-transports section) need longer time to be loaded.
startup-timeout = 10 s
# Timeout after which the graceful shutdown of the remoting subsystem is
# considered to be failed. After the timeout the remoting system is
# forcefully shut down. Increase this value if your transport drivers
# (see the enabled-transports section) need longer time to stop properly.
shutdown-timeout = 10 s
# Before shutting down the drivers, the remoting subsystem attempts to flush
# all pending writes. This setting controls the maximum time the remoting is
# willing to wait before moving on to shut down the drivers.
flush-wait-on-shutdown = 2 s
# Reuse inbound connections for outbound messages
use-passive-connections = on
# Controls the backoff interval after a refused write is reattempted.
# (Transports may refuse writes if their internal buffer is full)
backoff-interval = 5 ms
# Acknowledgment timeout of management commands sent to the transport stack.
command-ack-timeout = 30 s
# The timeout for outbound associations to perform the handshake.
# If the transport is pekko.remote.classic.netty.tcp or pekko.remote.classic.netty.ssl
# the configured connection-timeout for the transport will be used instead.
handshake-timeout = 15 s
### Security settings
# Enable untrusted mode for full security of server managed actors, prevents
# system messages to be send by clients, e.g. messages like 'Create',
# 'Suspend', 'Resume', 'Terminate', 'Supervise', 'Link' etc.
untrusted-mode = off
# When 'untrusted-mode=on' inbound actor selections are by default discarded.
# Actors with paths defined in this list are granted permission to receive actor
# selections messages.
# E.g. trusted-selection-paths = ["/user/receptionist", "/user/namingService"]
trusted-selection-paths = []
### Logging
# If this is "on", Pekko will log all inbound messages at DEBUG level,
# if off then they are not logged
log-received-messages = off
# If this is "on", Pekko will log all outbound messages at DEBUG level,
# if off then they are not logged
log-sent-messages = off
# Sets the log granularity level at which Pekko logs remoting events. This setting
# can take the values OFF, ERROR, WARNING, INFO, DEBUG, or ON. For compatibility
# reasons the setting "on" will default to "debug" level. Please note that the effective
# logging level is still determined by the global logging level of the actor system:
# for example debug level remoting events will be only logged if the system
# is running with debug level logging.
# Failures to deserialize received messages also fall under this flag.
log-remote-lifecycle-events = on
# Logging of message types with payload size in bytes larger than
# this value. Maximum detected size per message type is logged once,
# with an increase threshold of 10%.
# By default this feature is turned off. Activate it by setting the property to
# a value in bytes, such as 1000b. Note that for all messages larger than this
# limit there will be extra performance and scalability cost.
log-frame-size-exceeding = off
# Log warning if the number of messages in the backoff buffer in the endpoint
# writer exceeds this limit. It can be disabled by setting the value to off.
log-buffer-size-exceeding = 50000
# After failed to establish an outbound connection, the remoting will mark the
# address as failed. This configuration option controls how much time should
# be elapsed before reattempting a new connection. While the address is
# gated, all messages sent to the address are delivered to dead-letters.
# Since this setting limits the rate of reconnects setting it to a
# very short interval (i.e. less than a second) may result in a storm of
# reconnect attempts.
retry-gate-closed-for = 5 s
# After catastrophic communication failures that result in the loss of system
# messages or after the remote DeathWatch triggers the remote system gets
# quarantined to prevent inconsistent behavior.
# This setting controls how long the Quarantine marker will be kept around
# before being removed to avoid long-term memory leaks.
# WARNING: DO NOT change this to a small value to re-enable communication with
# quarantined nodes. Such feature is not supported and any behavior between
# the affected systems after lifting the quarantine is undefined.
prune-quarantine-marker-after = 5 d
# If system messages have been exchanged between two systems (i.e. remote death
# watch or remote deployment has been used) a remote system will be marked as
# quarantined after the two system has no active association, and no
# communication happens during the time configured here.
# The only purpose of this setting is to avoid storing system message redelivery
# data (sequence number state, etc.) for an undefined amount of time leading to long
# term memory leak. Instead, if a system has been gone for this period,
# or more exactly
# - there is no association between the two systems (TCP connection, if TCP transport is used)
# - neither side has been attempting to communicate with the other
# - there are no pending system messages to deliver
# for the amount of time configured here, the remote system will be quarantined and all state
# associated with it will be dropped.
#
# Maximum value depends on the scheduler's max limit (default 248 days) and if configured
# to a longer duration this feature will effectively be disabled. Setting the value to
# 'off' will also disable the feature. Note that if disabled there is a risk of a long
# term memory leak.
quarantine-after-silence = 2 d
# This setting defines the maximum number of unacknowledged system messages
# allowed for a remote system. If this limit is reached the remote system is
# declared to be dead and its UID marked as tainted.
system-message-buffer-size = 20000
# This setting defines the maximum idle time after an individual
# acknowledgement for system messages is sent. System message delivery
# is guaranteed by explicit acknowledgement messages. These acks are
# piggybacked on ordinary traffic messages. If no traffic is detected
# during the time period configured here, the remoting will send out
# an individual ack.
system-message-ack-piggyback-timeout = 0.3 s
# This setting defines the time after internal management signals
# between actors (used for DeathWatch and supervision) that have not been
# explicitly acknowledged or negatively acknowledged are resent.
# Messages that were negatively acknowledged are always immediately
# resent.
resend-interval = 2 s
# Maximum number of unacknowledged system messages that will be resent
# each 'resend-interval'. If you watch many (> 1000) remote actors you can
# increase this value to for example 600, but a too large limit (e.g. 10000)
# may flood the connection and might cause false failure detection to trigger.
# Test such a configuration by watching all actors at the same time and stop
# all watched actors at the same time.
resend-limit = 200
# WARNING: this setting should not be not changed unless all of its consequences
# are properly understood which assumes experience with remoting internals
# or expert advice.
# This setting defines the time after redelivery attempts of internal management
# signals are stopped to a remote system that has been not confirmed to be alive by
# this system before.
initial-system-message-delivery-timeout = 3 m
### Transports and adapters
# List of the transport drivers that will be loaded by the remoting.
# A list of fully qualified config paths must be provided where
# the given configuration path contains a transport-class key
# pointing to an implementation class of the Transport interface.
# If multiple transports are provided, the address of the first
# one will be used as a default address.
enabled-transports = ["pekko.remote.classic.netty.tcp"]
# Transport drivers can be augmented with adapters by adding their
# name to the applied-adapters setting in the configuration of a
# transport. The available adapters should be configured in this
# section by providing a name, and the fully qualified name of
# their corresponding implementation. The class given here
# must implement org.apache.pekko.remote.transport.TransportAdapterProvider
# and have public constructor without parameters.
adapters {
gremlin = "org.apache.pekko.remote.transport.FailureInjectorProvider"
trttl = "org.apache.pekko.remote.transport.ThrottlerProvider"
}
### Default configuration for the Netty based transport drivers
netty.tcp {
# The class given here must implement the org.apache.pekko.remote.transport.Transport
# interface and offer a public constructor which takes two arguments:
# 1) org.apache.pekko.actor.ExtendedActorSystem
# 2) com.typesafe.config.Config
transport-class = "org.apache.pekko.remote.transport.netty.NettyTransport"
# Transport drivers can be augmented with adapters by adding their
# name to the applied-adapters list. The last adapter in the
# list is the adapter immediately above the driver, while
# the first one is the top of the stack below the standard
# Pekko protocol
applied-adapters = []
# The default remote server port clients should connect to.
# Default is 7355 (PEKK on a telephone keypad), use 0 if you want a random available port
# This port needs to be unique for each actor system on the same machine.
port = 7355
# The hostname or ip clients should connect to.
# InetAddress.getLocalHost.getHostAddress is used if empty
hostname = ""
# Use this setting to bind a network interface to a different port
# than remoting protocol expects messages at. This may be used
# when running pekko nodes in a separated networks (under NATs or docker containers).
# Use 0 if you want a random available port. Examples:
#
# pekko.remote.classic.netty.tcp.port = 7355
# pekko.remote.classic.netty.tcp.bind-port = 7356
# Network interface will be bound to the 7356 port, but remoting protocol will
# expect messages sent to port 7355.
#
# pekko.remote.classic.netty.tcp.port = 0
# pekko.remote.classic.netty.tcp.bind-port = 0
# Network interface will be bound to a random port, and remoting protocol will
# expect messages sent to the bound port.
#
# pekko.remote.classic.netty.tcp.port = 7355
# pekko.remote.classic.netty.tcp.bind-port = 0
# Network interface will be bound to a random port, but remoting protocol will
# expect messages sent to port 7355.
#
# pekko.remote.classic.netty.tcp.port = 0
# pekko.remote.classic.netty.tcp.bind-port = 7356
# Network interface will be bound to the 7356 port, and remoting protocol will
# expect messages sent to the bound port.
#
# pekko.remote.classic.netty.tcp.port = 7355
# pekko.remote.classic.netty.tcp.bind-port = ""
# Network interface will be bound to the 7355 port, and remoting protocol will
# expect messages sent to the bound port.
#
# pekko.remote.classic.netty.tcp.port if empty
bind-port = ""
# Use this setting to bind a network interface to a different hostname or ip
# than remoting protocol expects messages at.
# Use "0.0.0.0" to bind to all interfaces.
# pekko.remote.classic.netty.tcp.hostname if empty
bind-hostname = ""
# Enables SSL support on this transport
enable-ssl = false
# Sets the connectTimeoutMillis of all outbound connections,
# i.e. how long a connect may take until it is timed out
connection-timeout = 15 s
# If set to "" then the specified dispatcher
# will be used to accept inbound connections, and perform IO. If "" then
# dedicated threads will be used.
# Please note that the Netty driver only uses this configuration and does
# not read the "pekko.remote.use-dispatcher" entry. Instead it has to be
# configured manually to point to the same dispatcher if needed.
use-dispatcher-for-io = ""
# Sets the high water mark for the in and outbound sockets,
# set to 0b for platform default
write-buffer-high-water-mark = 0b
# Sets the low water mark for the in and outbound sockets,
# set to 0b for platform default
write-buffer-low-water-mark = 0b
# Sets the send buffer size of the Sockets,
# set to 0b for platform default
send-buffer-size = 256000b
# Sets the receive buffer size of the Sockets,
# set to 0b for platform default
receive-buffer-size = 256000b
# Maximum message size the transport will accept, but at least
# 32000 bytes.
# Please note that UDP does not support arbitrary large datagrams,
# so this setting has to be chosen carefully when using UDP.
# Both send-buffer-size and receive-buffer-size settings has to
# be adjusted to be able to buffer messages of maximum size.
maximum-frame-size = 128000b
# Sets the size of the connection backlog
backlog = 4096
# Enables the TCP_NODELAY flag, i.e. disables Nagle’s algorithm
tcp-nodelay = on
# Enables TCP Keep-alive, subject to the O/S kernel’s configuration
tcp-keepalive = on
# Enables SO_REUSEADDR, which determines when an ActorSystem can open
# the specified listen port (the meaning differs between *nix and Windows)
# Valid values are "on", "off" and "off-for-windows"
# due to the following Windows bug: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4476378
# "off-for-windows" of course means that it's "on" for all other platforms
tcp-reuse-addr = off-for-windows
# Used to configure the number of I/O worker threads on server sockets
server-socket-worker-pool {
# Min number of threads to cap factor-based number to
pool-size-min = 2
# The pool size factor is used to determine thread pool size
# using the following formula: ceil(available processors * factor).
# Resulting size is then bounded by the pool-size-min and
# pool-size-max values.
pool-size-factor = 1.0
# Max number of threads to cap factor-based number to
pool-size-max = 2
}
# Used to configure the number of I/O worker threads on client sockets
client-socket-worker-pool {
# Min number of threads to cap factor-based number to
pool-size-min = 2
# The pool size factor is used to determine thread pool size
# using the following formula: ceil(available processors * factor).
# Resulting size is then bounded by the pool-size-min and
# pool-size-max values.
pool-size-factor = 1.0
# Max number of threads to cap factor-based number to
pool-size-max = 2
}
}
netty.ssl = ${pekko.remote.classic.netty.tcp}
netty.ssl = {
# Enable SSL/TLS encryption.
# This must be enabled on both the client and server to work.
enable-ssl = true
# Factory of SSLEngine.
# Must implement org.apache.pekko.remote.transport.netty.SSLEngineProvider and have a public
# constructor with an ActorSystem parameter.
# The default ConfigSSLEngineProvider is configured by properties in section
# pekko.remote.classic.netty.ssl.security
#
# The SSLEngineProvider can also be defined via ActorSystemSetup with
# SSLEngineProviderSetup when starting the ActorSystem. That is useful when
# the SSLEngineProvider implementation requires other external constructor
# parameters or is created before the ActorSystem is created.
# If such SSLEngineProviderSetup is defined this config property is not used.
ssl-engine-provider = org.apache.pekko.remote.transport.netty.ConfigSSLEngineProvider
security {
# This is the Java Key Store used by the server connection
key-store = "keystore"
# This password is used for decrypting the key store
key-store-password = "changeme"
# This password is used for decrypting the key
key-password = "changeme"
# This is the Java Key Store used by the client connection
trust-store = "truststore"
# This password is used for decrypting the trust store
trust-store-password = "changeme"
# Protocol to use for SSL encryption.
protocol = "TLSv1.2"
# Example: ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
# "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
# When doing rolling upgrades, make sure to include both the algorithm used
# by old nodes and the preferred algorithm.
# If you use a JDK 8 prior to 8u161 you need to install
# the JCE Unlimited Strength Jurisdiction Policy Files to use AES 256.
# More info here:
# https://www.oracle.com/java/technologies/javase-jce-all-downloads.html
enabled-algorithms = ["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA"]
# There are two options, and the default SecureRandom is recommended:
# "" or "SecureRandom" => (default)
# "SHA1PRNG" => Can be slow because of blocking issues on Linux
#
# Setting a value here may require you to supply the appropriate cipher
# suite (see enabled-algorithms section above)
random-number-generator = ""
# Require mutual authentication between TLS peers
#
# Without mutual authentication only the peer that actively establishes a connection (TLS client side)
# checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
# the passive side will also request and verify a certificate from the connecting peer.
#
# To prevent man-in-the-middle attacks this setting is enabled by default.
require-mutual-authentication = on
}
}
### Default configuration for the failure injector transport adapter
gremlin {
# Enable debug logging of the failure injector transport adapter
debug = off
}
backoff-remote-dispatcher {
type = Dispatcher
executor = "fork-join-executor"
fork-join-executor {
# Min number of threads to cap factor-based parallelism number to
parallelism-min = 2
parallelism-max = 2
}
}
}
}
}
#//#classic
#//#artery
pekko {
remote {
### Configuration for Artery, the new implementation of remoting
artery {
# Disable artery with this flag
enabled = on
# Select the underlying transport implementation.
#
# Possible values: aeron-udp, tcp, tls-tcp
# See https://pekko.apache.org/docs/pekko/current/remoting-artery.html#selecting-a-transport for the tradeoffs
# for each transport
transport = tcp
# Canonical address is the address other clients should connect to.
# Artery transport will expect messages to this address.
canonical {
# The default remote server port clients should connect to.
# Default is 17355, use 0 if you want a random available port
# This port needs to be unique for each actor system on the same machine.
port = 17355
# Hostname clients should connect to. Can be set to an ip, hostname
# or one of the following special values:
# "" InetAddress.getLocalHost.getHostAddress
# "" InetAddress.getLocalHost.getHostName
#
hostname = ""
}
# Use these settings to bind a network interface to a different address
# than artery expects messages at. This may be used when running Pekko
# nodes in a separated networks (under NATs or in containers). If canonical
# and bind addresses are different, then network configuration that relays
# communications from canonical to bind addresses is expected.
bind {
# Port to bind a network interface to. Can be set to a port number
# of one of the following special values:
# 0 random available port
# "" pekko.remote.artery.canonical.port
#
port = ""
# Hostname to bind a network interface to. Can be set to an ip, hostname
# or one of the following special values:
# "0.0.0.0" all interfaces
# "" pekko.remote.artery.canonical.hostname
# "" InetAddress.getLocalHost.getHostAddress
# "" InetAddress.getLocalHost.getHostName
#
hostname = ""
# Time to wait for Aeron/TCP to bind
bind-timeout = 3s
}
# Actor paths to use the large message stream for when a message
# is sent to them over remoting. The large message stream dedicated
# is separate from "normal" and system messages so that sending a
# large message does not interfere with them.
# Entries should be the full path to the actor. Wildcards in the form of "*"
# can be supplied at any place and matches any name at that segment -
# "/user/supervisor/actor/*" will match any direct child to actor,
# while "/supervisor/*/child" will match any grandchild to "supervisor" that
# has the name "child"
# Entries have to be specified on both the sending and receiving side.
# Messages sent to ActorSelections will not be passed through the large message
# stream, to pass such messages through the large message stream the selections
# but must be resolved to ActorRefs first.
large-message-destinations = []
# Enable untrusted mode, which discards inbound system messages, PossiblyHarmful and
# ActorSelection messages. E.g. remote watch and remote deployment will not work.
# ActorSelection messages can be enabled for specific paths with the trusted-selection-paths
untrusted-mode = off
# When 'untrusted-mode=on' inbound actor selections are by default discarded.
# Actors with paths defined in this list are granted permission to receive actor
# selections messages.
# E.g. trusted-selection-paths = ["/user/receptionist", "/user/namingService"]
trusted-selection-paths = []
# If this is "on", all inbound remote messages will be logged at DEBUG level,
# if off then they are not logged
log-received-messages = off
# If this is "on", all outbound remote messages will be logged at DEBUG level,
# if off then they are not logged
log-sent-messages = off
# Logging of message types with payload size in bytes larger than
# this value. Maximum detected size per message type is logged once,
# with an increase threshold of 10%.
# By default this feature is turned off. Activate it by setting the property to
# a value in bytes, such as 1000b. Note that for all messages larger than this
# limit there will be extra performance and scalability cost.
log-frame-size-exceeding = off
advanced {
# Maximum serialized message size, including header data.
maximum-frame-size = 256 KiB
# Direct byte buffers are reused in a pool with this maximum size.
# Each buffer has the size of 'maximum-frame-size'.
# This is not a hard upper limit on number of created buffers. Additional
# buffers will be created if needed, e.g. when using many outbound
# associations at the same time. Such additional buffers will be garbage
# collected, which is not as efficient as reusing buffers in the pool.
buffer-pool-size = 128
# Maximum serialized message size for the large messages, including header data.
# If the value of pekko.remote.artery.transport is set to aeron-udp, it is currently
# restricted to 1/8th the size of a term buffer that can be configured by setting the
# 'aeron.term.buffer.length' system property.
# See 'large-message-destinations'.
maximum-large-frame-size = 2 MiB
# Direct byte buffers for the large messages are reused in a pool with this maximum size.
# Each buffer has the size of 'maximum-large-frame-size'.
# See 'large-message-destinations'.
# This is not a hard upper limit on number of created buffers. Additional
# buffers will be created if needed, e.g. when using many outbound
# associations at the same time. Such additional buffers will be garbage
# collected, which is not as efficient as reusing buffers in the pool.
large-buffer-pool-size = 32
# For enabling testing features, such as blackhole in pekko-remote-testkit.
test-mode = off
# Settings for the materializer that is used for the remote streams.
materializer = ${pekko.stream.materializer}
# Remoting will use the given dispatcher for the ordinary and large message
# streams.
use-dispatcher = "pekko.remote.default-remote-dispatcher"
# Remoting will use the given dispatcher for the control stream.
# It can be good to not use the same dispatcher for the control stream as
# the dispatcher for the ordinary message stream so that heartbeat messages
# are not disturbed.
use-control-stream-dispatcher = "pekko.actor.internal-dispatcher"
# Total number of inbound lanes, shared among all inbound associations. A value
# greater than 1 means that deserialization can be performed in parallel for
# different destination actors. The selection of lane is based on consistent
# hashing of the recipient ActorRef to preserve message ordering per receiver.
# Lowest latency can be achieved with inbound-lanes=1 because of one less
# asynchronous boundary.
inbound-lanes = 4
# Number of outbound lanes for each outbound association. A value greater than 1
# means that serialization and other work can be performed in parallel for different
# destination actors. The selection of lane is based on consistent hashing of the
# recipient ActorRef to preserve message ordering per receiver. Note that messages
# for different destination systems (hosts) are handled by different streams also
# when outbound-lanes=1. Lowest latency can be achieved with outbound-lanes=1
# because of one less asynchronous boundary.
outbound-lanes = 1
# Size of the send queue for outgoing messages. Messages will be dropped if
# the queue becomes full. This may happen if you send a burst of many messages
# without end-to-end flow control. Note that there is one such queue per
# outbound association. The trade-off of using a larger queue size is that
# it consumes more memory, since the queue is based on pre-allocated array with
# fixed size.
outbound-message-queue-size = 3072
# Size of the send queue for outgoing control messages, such as system messages.
# If this limit is reached the remote system is declared to be dead and its UID
# marked as quarantined. Note that there is one such queue per outbound association.
# It is a linked queue so it will not use more memory than needed but by increasing
# too much you may risk OutOfMemoryError in the worst case.
outbound-control-queue-size = 20000
# Size of the send queue for outgoing large messages. Messages will be dropped if
# the queue becomes full. This may happen if you send a burst of many messages
# without end-to-end flow control. Note that there is one such queue per
# outbound association.
# It is a linked queue so it will not use more memory than needed but by increasing
# too much you may risk OutOfMemoryError, especially since the message payload
# of these messages may be large.
outbound-large-message-queue-size = 256
# This setting defines the maximum number of unacknowledged system messages
# allowed for a remote system. If this limit is reached the remote system is
# declared to be dead and its UID marked as quarantined.
system-message-buffer-size = 20000
# unacknowledged system messages are re-delivered with this interval
system-message-resend-interval = 1 second
# The timeout for outbound associations to perform the initial handshake.
# This timeout must be greater than the 'image-liveness-timeout' when
# transport is aeron-udp.
handshake-timeout = 20 seconds
# incomplete initial handshake attempt is retried with this interval
handshake-retry-interval = 1 second
# Handshake requests are performed periodically with this interval,
# also after the handshake has been completed to be able to establish
# a new session with a restarted destination system.
inject-handshake-interval = 1 second
# System messages that are not acknowledged after re-sending for this period are
# dropped and will trigger quarantine. The value should be longer than the length
# of a network partition that you need to survive.
give-up-system-message-after = 6 hours
# Outbound streams are stopped when they haven't been used for this duration.
# They are started again when new messages are sent.
stop-idle-outbound-after = 5 minutes
# Outbound streams are quarantined when they haven't been used for this duration
# to cleanup resources used by the association, such as compression tables.
# This will cleanup association to crashed systems that didn't announce their
# termination.
# The value should be longer than the length of a network partition that you
# need to survive.
# The value must also be greater than stop-idle-outbound-after.
# Once every 1/10 of this duration an extra handshake message will be sent.
# Therefore it's also recommended to use a value that is greater than 10 times
# the stop-idle-outbound-after, since otherwise the idle streams will not be
# stopped.
quarantine-idle-outbound-after = 6 hours
# Stop outbound stream of a quarantined association after this idle timeout, i.e.
# when not used any more.
stop-quarantined-after-idle = 3 seconds
# After catastrophic communication failures that could result in the loss of system
# messages or after the remote DeathWatch triggers the remote system gets
# quarantined to prevent inconsistent behavior.
# This setting controls how long the quarantined association will be kept around
# before being removed to avoid long-term memory leaks. It must be quarantined
# and also unused for this duration before it's removed. When removed the historical
# information about which UIDs that were quarantined for that hostname:port is
# gone which could result in communication with a previously quarantined node
# if it wakes up again. Therefore this shouldn't be set too low.
remove-quarantined-association-after = 1 h
# during ActorSystem termination the remoting will wait this long for
# an acknowledgment by the destination system that flushing of outstanding
# remote messages has been completed
shutdown-flush-timeout = 1 second
# Before sending notification of terminated actor (DeathWatchNotification) other messages
# will be flushed to make sure that the Terminated message arrives after other messages.
# It will wait this long for the flush acknowledgement before continuing.
# The flushing can be disabled by setting this to `off`.
death-watch-notification-flush-timeout = 3 seconds
# See 'inbound-max-restarts'
inbound-restart-timeout = 5 seconds
# Max number of restarts within 'inbound-restart-timeout' for the inbound streams.
# If more restarts occurs the ActorSystem will be terminated.
inbound-max-restarts = 5
# Retry outbound connection after this backoff.
# Only used when transport is tcp or tls-tcp.
outbound-restart-backoff = 1 second
# See 'outbound-max-restarts'
outbound-restart-timeout = 5 seconds
# Max number of restarts within 'outbound-restart-timeout' for the outbound streams.
# If more restarts occurs the ActorSystem will be terminated.
outbound-max-restarts = 5
# compression of common strings in remoting messages, like actor destinations, serializers etc
compression {
actor-refs {
# Max number of compressed actor-refs
# Note that compression tables are "rolling" (i.e. a new table replaces the old
# compression table once in a while), and this setting is only about the total number
# of compressions within a single such table.
# Must be a positive natural number. Can be disabled with "off".
max = 256
# interval between new table compression advertisements.
# this means the time during which we collect heavy-hitter data and then turn it into a compression table.
advertisement-interval = 1 minute
}
manifests {
# Max number of compressed manifests
# Note that compression tables are "rolling" (i.e. a new table replaces the old
# compression table once in a while), and this setting is only about the total number
# of compressions within a single such table.
# Must be a positive natural number. Can be disabled with "off".
max = 256
# interval between new table compression advertisements.
# this means the time during which we collect heavy-hitter data and then turn it into a compression table.
advertisement-interval = 1 minute
}
}
# List of fully qualified class names of remote instruments which should
# be initialized and used for monitoring of remote messages.
# The class must extend org.apache.pekko.remote.artery.RemoteInstrument and
# have a public constructor with empty parameters or one ExtendedActorSystem
# parameter.
# A new instance of RemoteInstrument will be created for each encoder and decoder.
# It's only called from the stage, so if it doesn't delegate to any shared instance
# it doesn't have to be thread-safe.
# Refer to `org.apache.pekko.remote.artery.RemoteInstrument` for more information.
instruments = ${?pekko.remote.artery.advanced.instruments} []
# Only used when transport is aeron-udp
aeron {
# Periodically log out all Aeron counters. See https://github.com/real-logic/aeron/wiki/Monitoring-and-Debugging#counters
# Only used when transport is aeron-udp.
log-aeron-counters = false
# Controls whether to start the Aeron media driver in the same JVM or use external
# process. Set to 'off' when using external media driver, and then also set the
# 'aeron-dir'.
# Only used when transport is aeron-udp.
embedded-media-driver = on
# Directory used by the Aeron media driver. It's mandatory to define the 'aeron-dir'
# if using external media driver, i.e. when 'embedded-media-driver = off'.
# Embedded media driver will use a this directory, or a temporary directory if this
# property is not defined (empty).
# Only used when transport is aeron-udp.
aeron-dir = ""
# Whether to delete aeron embedded driver directory upon driver stop.
# Only used when transport is aeron-udp.
delete-aeron-dir = yes
# Level of CPU time used, on a scale between 1 and 10, during backoff/idle.
# The tradeoff is that to have low latency more CPU time must be used to be
# able to react quickly on incoming messages or send as fast as possible after
# backoff backpressure.
# Level 1 strongly prefer low CPU consumption over low latency.
# Level 10 strongly prefer low latency over low CPU consumption.
# Only used when transport is aeron-udp.
idle-cpu-level = 5
# messages that are not accepted by Aeron are dropped after retrying for this period
# Only used when transport is aeron-udp.
give-up-message-after = 60 seconds
# Timeout after which aeron driver has not had keepalive messages
# from a client before it considers the client dead.
# Only used when transport is aeron-udp.
client-liveness-timeout = 20 seconds
# Timeout after after which an uncommitted publication will be unblocked
# Only used when transport is aeron-udp.
publication-unblock-timeout = 40 seconds
# Timeout for each the INACTIVE and LINGER stages an aeron image
# will be retained for when it is no longer referenced.
# This timeout must be less than the 'handshake-timeout'.
# Only used when transport is aeron-udp.
image-liveness-timeout = 10 seconds
# Timeout after which the aeron driver is considered dead
# if it does not update its C'n'C timestamp.
# Only used when transport is aeron-udp.
driver-timeout = 20 seconds
}
# Only used when transport is tcp or tls-tcp.
tcp {
# Timeout of establishing outbound connections.
connection-timeout = 5 seconds
# The local address that is used for the client side of the TCP connection.
outbound-client-hostname = ""
}
}
# SSL configuration that is used when transport=tls-tcp.
ssl {
# Factory of SSLEngine.
# Must implement org.apache.pekko.remote.artery.tcp.SSLEngineProvider and have a public
# constructor with an ActorSystem parameter.
# The default ConfigSSLEngineProvider is configured by properties in section
# pekko.remote.artery.ssl.config-ssl-engine
ssl-engine-provider = org.apache.pekko.remote.artery.tcp.ConfigSSLEngineProvider
# Config of org.apache.pekko.remote.artery.tcp.ConfigSSLEngineProvider
config-ssl-engine {
# This is the Java Key Store used by the server connection
key-store = "keystore"
# This password is used for decrypting the key store
# Use substitution from environment variables for passwords. Don't define
# real passwords in config files. key-store-password=${SSL_KEY_STORE_PASSWORD}
key-store-password = "changeme"
# This password is used for decrypting the key
# Use substitution from environment variables for passwords. Don't define
# real passwords in config files. key-password=${SSL_KEY_PASSWORD}
key-password = "changeme"
# This is the Java Key Store used by the client connection
trust-store = "truststore"
# This password is used for decrypting the trust store
# Use substitution from environment variables for passwords. Don't define
# real passwords in config files. trust-store-password=${SSL_TRUST_STORE_PASSWORD}
trust-store-password = "changeme"
# Protocol to use for SSL encryption.
protocol = "TLSv1.2"
# Example: ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
# "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
# When doing rolling upgrades, make sure to include both the algorithm used
# by old nodes and the preferred algorithm.
# If you use a JDK 8 prior to 8u161 you need to install
# the JCE Unlimited Strength Jurisdiction Policy Files to use AES 256.
# More info here:
# https://www.oracle.com/java/technologies/javase-jce-all-downloads.html
enabled-algorithms = ["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA"]
# There are two options, and the default SecureRandom is recommended:
# "" or "SecureRandom" => (default)
# "SHA1PRNG" => Can be slow because of blocking issues on Linux
#
# Setting a value here may require you to supply the appropriate cipher
# suite (see enabled-algorithms section above)
random-number-generator = ""
# Require mutual authentication between TLS peers
#
# Without mutual authentication only the peer that actively establishes a connection (TLS client side)
# checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
# the passive side will also request and verify a certificate from the connecting peer.
#
# To prevent man-in-the-middle attacks this setting is enabled by default.
require-mutual-authentication = on
# Set this to `on` to verify hostnames with sun.security.util.HostnameChecker
# If possible it is recommended to have this enabled. Hostname verification is designed for
# situations where things locate each other by hostname, in scenarios where host names are dynamic
# and not known up front it can make sense to have this disabled.
hostname-verification = off
}
# Config of org.apache.pekko.remote.artery.tcp.ssl.RotatingKeysSSLEngineProvider
# This engine provider reads PEM files from a mount point shared with the secret
# manager. The constructed SSLContext is cached some time (configurable) so when
# the credentials rotate the new credentials are eventually picked up.
# By default mTLS is enabled.
# This provider also includes a verification phase that runs after the TLS handshake
# phase. In this verification, both peers run an authorization and verify they are
# part of the same pekko cluster. The verification happens via comparing the subject
# names in the peer's certificate with the name on the own certificate so if you
# use this SSLEngineProvider you should make sure all nodes on the cluster include
# at least one common subject name (CN or SAN).
# The Key setup this implementation supports has some limitations:
# 1. the private key must be provided on a PKCS#1 or a non-encrypted PKCS#8 PEM-formatted file
# 2. the private key must be be of an algorithm supported by `pekko-pki` tools (e.g. "RSA", not "EC")
# 3. the node certificate must be issued by a root CA (not an intermediate CA)
# 4. both the node and the CA certificates must be provided in PEM-formatted files
rotating-keys-engine {
# This is a convention that people may follow if they wish to save themselves some configuration
secret-mount-point = /var/run/secrets/pekko-tls/rotating-keys-engine
# The absolute path the PEM file with the private key.
key-file = ${pekko.remote.artery.ssl.rotating-keys-engine.secret-mount-point}/tls.key
# The absolute path to the PEM file of the certificate for the private key above.
cert-file = ${pekko.remote.artery.ssl.rotating-keys-engine.secret-mount-point}/tls.crt
# The absolute path to the PEM file of the certificate of the CA that emitted
# the node certificate above.
ca-cert-file = ${pekko.remote.artery.ssl.rotating-keys-engine.secret-mount-point}/ca.crt
# There are two options, and the default SecureRandom is recommended:
# "" or "SecureRandom" => (default)
# "SHA1PRNG" => Can be slow because of blocking issues on Linux
#
# Setting a value here may require you to supply the appropriate cipher
# suite (see enabled-algorithms section)
random-number-generator = ""
# Example: ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
# "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
# If you use a JDK 8 prior to 8u161 you need to install
# the JCE Unlimited Strength Jurisdiction Policy Files to use AES 256.
# More info here:
# https://www.oracle.com/java/technologies/javase-jce-all-downloads.html
enabled-algorithms = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
# Protocol to use for SSL encryption.
protocol = "TLSv1.2"
# How long should an SSLContext instance be cached. When rotating keys and certificates,
# there must a time overlap between the old certificate/key and the new ones. The
# value of this setting should be lower than duration of that overlap.
ssl-context-cache-ttl = 5m
}
}
}
}
}
#//#artery
© 2015 - 2025 Weber Informatics LLC | Privacy Policy