Skip to main content
Loading

Configure the Aerospike XDR Proxy service

Service

The service section configures the connector's listening ports, TLS and network interface.

The following options are available:

OptionRequiredDefaultDescription
portno8080The list of ports the connector listens to.
addressno0.0.0.0The list of interface IP addresses the connector binds to. Use 0.0.0.0 for all interfaces.
tlsRequired, if port not specified.N/ASee Configuring TLS below.
managenoN/ASee Querying and Managing Metrics and Logs below.
protocol
since 2.0.0
noTCPThe incoming protocol for the connector. See protocol for details.
io-threadsno# of processors.The number of IO threads to read, parse incoming XDR requests and to write acknowledgments to XDR
worker-threadsno# of processorsThe number of threads that will invoke the connector to dispatch a record.
max-concurrent-recordsno32768The maximum number of XDR records to concurrently process in the connector.
cluster-namenoproduct-nameGroup or cluster this connector instance belongs to. Used for grouping instances in Prometheus.

For several examples of the service section of the /etc/aerospike-xdr-proxy/aerospike-xdr-proxy.yml, see "Examples" at the bottom of this page.

Protocol

The incoming protocol for the connector. Valid values are:

ProtocolDescription
TCPThe change notification source is Aerospike server 5.0 or later. This is the default.
HTTP_1_1The change notification source is Aerospike server prior to 5.0 version.
HTTP_2The change notification source is the ESP connector

Querying and Managing Metrics and Logs

You can use the Management and Metrics API to query and manage the outbound server metrics and logs via a REST endpoint. These settings are for using the manage subsection of the service section to specify the endpoint and (optionally) TLS settings for securing connections.

OptionRequiredDefaultDescription
portnononeThe port the connector listens to.
addressno0.0.0.0The interface IP address the connector binds to. Use 0.0.0.0 for all interfaces.
tlsRequired if port not specified.N/ASee Configuring TLS below.

Configuring TLS

In the tls option of the service section and the manage section, you can specify TLS settings for making secure connections.

The configuration options are:

OptionRequiredDefaultDescription
portnoThe HTTPS/TLS port the server listens to.
key-storenoThe keystore configuration containing the server-side certificate and key. See Configuring a TLS Store.
trust-storenoDefault java trust store.The keystore configuration containing the trusted CA certificates. See Configuring a TLS Store.
protocolsnoTLSv1.2List of allowed TLS protocols.
ciphersnoDefault java ciphersList of allowed ciphers.
revoke-certificatesnoReject TLS certificates with the serial numbers specified in this list
allowed-peer-namesnoList of client (aerospike server nodes) peer names for mutual authentication. If set, only those clients (aerospike server nodes) that present certificates matching the peer names will be allowed to connect.
mutual-authnofalseShould the outbound connector mutually authenticate the Aerospike server.

Configuring a TLS store

The key-store and trust-store options are for describing how TLS keystores and truststores are configured. All relative file paths are considered relative to the directory in which the configuration file is located. See Setting Up TLS Keystores for Aerospike Connect for information about creating keystores.

OptionRequiredDefaultDescription
store-fileyesThe store file.
store-password-fileyesRead store password from this file.
key-password-filenoRead key password from this file.
store-typenoJKSThe keystore type. Valid values are JKS, JCEKS, PKCS12, PKCS11, DKS, Windows_MY, BKS.

Examples

Clear-text only

service:
port: 8080
address: 192.168.5.154
manage:
address: 0.0.0.0
port: 8902

TLS only

service:
tls:
port: 8443
allowed-peer-names:
- asd.aerospike.com
protocols:
- tlsv1.3
trust-store:
store-file: tls/ca.aerospike.com.truststore.jks
store-password-file: tls/storepass
key-store:
store-file: tls/connector.aerospike.com.keystore.jks
store-password-file: tls/storepass
key-password-file: tls/keypass
manage:
tls:
port: 8903
trust-store:
store-file: tls/ca.aerospike.com.truststore.jks
store-password-file: tls/storepass
key-store:
store-file: tls/connector.aerospike.com.keystore.jks
store-password-file: tls/storepass
key-password-file: tls/keypass

Clear text and TLS

service:
port: 8080
address: 192.168.5.154
tls:
port: 8443
allowed-peer-names:
- asd.aerospike.com
protocols:
- tlsv1.3
trust-store:
store-file: tls/ca.aerospike.com.truststore.jks
store-password-file: tls/storepass
key-store:
store-file: tls/connector.aerospike.com.keystore.jks
store-password-file: tls/storepass
key-password-file: tls/keypass
manage:
address: 0.0.0.0
port: 8902
tls:
port: 8903
trust-store:
store-file: tls/ca.aerospike.com.truststore.jks
store-password-file: tls/storepass
key-store:
store-file: tls/connector.aerospike.com.keystore.jks
store-password-file: tls/storepass
key-password-file: tls/keypass