Configuring Incoming Replication Transports
Transports enable connections to the AMPS instance. For replication, messages always flow from a replication destination to a transport defined in the Transport section. To receive incoming messages via replication, an instance must define the amps-replication transport in its list of Transports. Note that an instance can have only one incoming replication transport.
Additionally, transports for application use must be configured separately, as an amps-replication transport is used solely for replication purposes. For more information on Transports, see the Configuring Transports section.
For inbound replication connections secured with SSL, use the amps-replication-secure transport. This transport type requires a certificate and private key to be set.
This section describes configuring an AMPS replication transport, that is, a transport that allows the flow of incoming replication messages from a replication source.
Configuring a replication source involves defining a Destination within the Replication block, which specifies replication targets. See the Configuring Outgoing Replication Destinations section and the Replicating Messages Between Instances section for details.
The configuration details below apply specifically to the transport types amps-replication and amps-replication-secure, which are used for setting up replication. To configure a Transport for handling application connections, see Configuring Transports.
Transport: Defining Incoming Messages
The amps-replication Transport defines an incoming flow of messages via replication.
Transport (amps-replication) (required)
- Defines how AMPS accepts connections for incoming replication messages.
- Required parent tag, which is defined to receive incoming messages via replication.
- For replication, Type should be amps-replication or amps-replication-secure (for connections that use SSL).
Replication Transport Configuration
Described below are the configuration items available for Transport when configuring replication.
Name (required)
The name to use for this Transport. This name appears in the AMPS log for messages related to the transport.
When the Type of the Transport is amps-replication or amps-replication-secure, 60East recommends that the Name of the Transport match the value of the Type to help make debugging replication easier.
There is no default for this value.
Type (required)
Specifies the type of connection to make.
The Type of a replication Transport must always be either amps-replication or amps-replication-secure.
When the Type is set to amps-replication-secure, the incoming connection will use TLS/SSL.
The Type of the outgoing connection must match the Type of the Transport that this instance is connecting to.
InetAddr
The port on which AMPS will listen for this transport. This element can also specify an IP address, in which case AMPS listens only on that address. If no IP address is specified, AMPS listens on all available addresses.
Starting with version 5.3.3, both IPv4 and IPv6 address formats are fully supported for use with specifying the network address of a transport. If no address is specified and the host supports IPv6, AMPS will listen for incoming connections on both IPv4 and IPv6 protocols.
If you wish to limit AMPS to listen for addresses of only a specific IP protocol, you may specify the ANY address for that protocol.
For example:
0.0.0.0:9007 will cause AMPS to listen on port 9007 for only IPv4 addresses.
[::]:9007 will cause AMPS to listen on port 9007 for only IPv6 addresses.
This element is not required for transports of the amps-unix Type but is required for all other Type values.
TLS/SSL Parameters
Described below are the configuration items needed to set up and enable TLS/SSL, if the transport Type is amps-replication-secure.
Certificate (required if Type is amps-replication-secure)
A Transport element that specifies amps-replication-secure as the transport type must provide a certificate to use for the TLS/SSL connection.
There is no default for this option.
PrivateKey (required if Type is amps-replication-secure)
A Transport element that specifies amps-replication-secure as the transport type must provide a private key to use for the SSL connection.
There is no default for this option.
Ciphers (optional, only supported if Type is amps-replication-secure)
A Transport element that specifies amps-replication-secure as the transport type may provide a cipher list to use for the SSL connection. When provided, this connection is restricted to the specified ciphers.
Default: No restriction on the ciphers supported by the SSL implementation.
VerifyClient (optional, only supported if Type is amps-replication-secure)
When set to true, this destination will verify certificates provided for TLS using the CAFile or CAFileLocation specified.
Default: false
CAFile (one of CAFile or CAPath must be specified if VerifyClient is true)
When VerifyClient is set to true, specifies a .pem file containing trusted certificates used to verify certificates provided by the other side of the replication connection.
There is no default for this option.
CAPath (one of CAFile or CAPath must be specified if VerifyClient is true)
When VerifyClient is set to true, specifies a path to a directory containing .pem files that contain trusted certificates used to verify certificates provided by the other side of the replication connection. When this parameter is provided and VerifyClient is set to true, AMPS will use every .pem file in the directory for verification.
There is no default for this option.
Sample Replication Transport Configuration
This section shows a sample that configures an AMPS instance to receive messages via replication.
<Transports>
    <!-- Transport for clients: accept any known message
         type over tcp. -->
    <Transport>
        <Name>any-tcp</Name>
        <Type>tcp</Type>
        <InetAddr>9007</InetAddr>
        <Protocol>amps</Protocol>
    </Transport>
    <!-- The amps-replication transport is required.
         This AMPS instance will receive replication messages
         on this transport. The instance can receive messages
         from any number of upstream AMPS instances on this
         transport. However, regular clients cannot connect
         on this port, since this port uses the replication
         protocol. -->
    <Transport>
        <Name>amps-replication</Name>
        <Type>amps-replication</Type>
        <InetAddr>localhost:10004</InetAddr>
    </Transport>
</Transports>
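The rules stated above can be checked against a config before deployment. The following is an added example, not part of the 60East documentation or tooling. It applies the page's rules (one incoming replication transport, required TLS elements, CAFile or CAPath when VerifyClient is true, InetAddr required except for amps-unix) to a Transports fragment. The function name, the sample transport names and the file path are assumptions, and the "port-only" finding is a review note derived from the InetAddr description rather than an AMPS error.

```python
import xml.etree.ElementTree as ET

REPLICATION_TYPES = {"amps-replication", "amps-replication-secure"}

def check_transports(xml_source):
    """Return findings for the <Transport> elements in an AMPS config fragment."""
    findings = []
    transports = list(ET.fromstring(xml_source).iter("Transport"))
    val = lambda t, tag: (t.findtext(tag) or "").strip()
    if sum(val(t, "Type") in REPLICATION_TYPES for t in transports) > 1:
        findings.append("more than one incoming replication transport")
    for t in transports:
        name, ttype, addr = val(t, "Name"), val(t, "Type"), val(t, "InetAddr")
        if ttype != "amps-unix" and not addr:
            findings.append(f"{name}: InetAddr is required")
        if ttype == "amps-replication-secure":
            for tag in ("Certificate", "PrivateKey"):
                if not val(t, tag):
                    findings.append(f"{name}: {tag} is required")
            if val(t, "VerifyClient") == "true" and not (
                    val(t, "CAFile") or val(t, "CAPath")):
                findings.append(f"{name}: VerifyClient needs CAFile or CAPath")
        elif ttype == "amps-replication":
            for tag in ("Ciphers", "VerifyClient"):
                if t.find(tag) is not None:
                    findings.append(f"{name}: {tag} needs amps-replication-secure")
        if ttype in REPLICATION_TYPES and addr.isdigit():
            findings.append(f"{name}: port-only InetAddr listens on all addresses")
    return findings

# Constructed sample; names and file paths are placeholders.
SAMPLE = """
<Transports>
  <Transport>
    <Name>repl-plain</Name>
    <Type>amps-replication</Type>
    <InetAddr>10004</InetAddr>
  </Transport>
  <Transport>
    <Name>repl-tls</Name>
    <Type>amps-replication-secure</Type>
    <InetAddr>localhost:10005</InetAddr>
    <Certificate>/path/to/cert.pem</Certificate>
    <VerifyClient>true</VerifyClient>
  </Transport>
</Transports>
"""
if __name__ == "__main__":
    print("\n".join(check_transports(SAMPLE)))
```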