options msgvpn create
Pankaj A edited this page Apr 3, 2020 · 2 revisions
```
% splus msgvpn create --help
Usage: splus msgvpn create [OPTIONS] NAME

  Create a new Message VPN

Options:
  --alias TEXT                    The name of another Message VPN which this
                                  Message VPN is an alias for. When this
                                  Message VPN is enabled, the alias has no
                                  effect. When this Message VPN is disabled,
                                  Clients (but not Bridges and routing Links)
                                  logging into this Message VPN are
                                  automatically logged in to the other Message
                                  VPN, and authentication and authorization
                                  take place in the context of the other
                                  Message VPN.
  --basic-authn / --no-basic-authn
                                  Enable or disable basic authentication for
                                  clients connecting to the Message VPN
                                  [default: True]
  --basic-authn-profile TEXT      Name of the RADIUS or LDAP Profile to use
                                  for basic authentication  [default: default]
  --basic-radius-domain TEXT      RADIUS domain to use for basic
                                  authentication.  [default: ]
  --basic-authn-type [internal|ldap|radius|none]
                                  The type of basic authentication to use for
                                  clients connecting to the Message VPN.
                                  [default: none]
  --enable-cert-api-username / --no-enable-cert-api-username
                                  Allow a client to specify a Client Username
                                  via the API connect method. When disabled,
                                  the certificate CN (Common Name) is always
                                  used  [default: True]
  --enable-cert-authn / --no-enable-cert-authn
                                  Manage client certificate authentication
                                  [default: False]
  --max-chain-depth INTEGER       Maximum depth for a client certificate
                                  chain. The depth of a chain is defined as
                                  the number of signing CA certificates that
                                  are present in the chain back to a trusted
                                  self-signed root CA certificate  [default:
                                  3]
  --cert-revoke-check [allow-all|allow-unknown|allow-valid]
                                  Desired behavior for client certificate
                                  revocation checking  [default: allow-valid]
  --is-cert-user-source-cn / --no-is-cert-source-cn
                                  Control if the username is derived from
                                  Common Name or Alternate Name in the cert
                                  [default: True]
  --cert-date-check / --no-cert-date-check
                                  Manage validation of dates in the client
                                  certificate  [default: True]
  --enable-kerberos-api-username / --no-enable-kerberos-api-username
                                  Allow a client to specify a Client Username
                                  via the API connect method. When disabled,
                                  the Kerberos Principal name is always used
                                  [default: False]
  --enable-kereberos-authn / --no-enable-kereberos-authn
                                  Manage Kerberos authentication  [default:
                                  False]
  --default-oauth-provider TEXT   Name of the provider to use when the client
                                  does not supply a provider name
  --enable-oauth / --no-enable-oauth
                                  Manage OAuth authentication  [default:
                                  False]
  --ldap-attribute-name TEXT      Name of the attribute that is retrieved from
                                  the LDAP server as part of the LDAP search
                                  when authorizing a client connecting to the
                                  Message VPN  [default: memberOf]
  --trim-ldap-domain / --no-trim-ldap-domain
                                  Manage client-username domain trimming for
                                  LDAP lookups of client connections. When
                                  enabled, the value of $CLIENT_USERNAME (when
                                  used for searching) will be truncated at the
                                  first occurance of the @ character. For
                                  example, if the client-username is in the
                                  form of an email address, then the domain
                                  portion will be removed  [default: False]
  --ldap-authz-profile TEXT       LDAP Profile to be used for client
                                  authorization
  --authz-type [ldap|internal]    Authorization type to use for clients
                                  connecting to the Message VPN.  [default:
                                  internal]
  --enable-bridge-cn-check / --no-enable-bridge-cn-check
                                  Enable or disable validation of the Common
                                  Name (CN) in the server certificate from the
                                  remote broker. If enabled, the Common Name
                                  is checked against the list of Trusted
                                  Common Names configured for the Bridge
                                  [default: True]
  --max-chain-depth-bridge INTEGER
                                  Maximum depth of server certificate chain,
                                  defined as the number of signing CA
                                  certificates that are present in the chain
                                  back to a trusted self-signed root CA
                                  certificate  [default: 3]
  --cert-date-check-bridge / --no-cert-date-check-bridge
                                  Manage validation of dates in the client
                                  certificate  [default: True]
  --enable-cache-mgmt / --no-enable-cache-mgmt
                                  Control managing of cache instances over the
                                  message bus  [default: True]
  --dmr / --no-dmr                Enable or disable Dynamic Message Routing
                                  (DMR)  [default: True]
  --enable / --no-enable          Enable or disable the Message VPN  [default:
                                  False]
  --event-log-tag TEXT            A prefix applied to all published Events in
                                  the Message VPN
  --publish-client-events / --no-publish-client-events
                                  Enable or disable Client level Event message
                                  publishing  [default: False]
  --publish-vpn-event / --no-publish-vpn-event
                                  Enable or disable Message VPN level Event
                                  message publishing  [default: True]
  --event-subscription-mode [off|on-with-format-v2]
                                  Subscription level Event message publishing
                                  mode
  --enable-mqtt-topics / --no-enable-mqtt-topics
                                  Enable or disable Event publish topics in
                                  MQTT format  [default: False]
  --enable-smf-topics / --no-enable-smf-topics
                                  Enable or disable Event publish topics in
                                  SMF format.  [default: True]
  --export-subscriptions / --no-export-subscriptions
                                  Manage export of subscriptions in the
                                  Message VPN to other routers in the network
                                  over Neighbor links  [default: False]
  --jndi / --no-jndi              Enable or disable JNDI access for clients
                                  [default: False]
  --max-connections INTEGER       Maximum number of client connections
  --max-egress-flows INTEGER      Maximum number of transmit flows that can be
                                  created  [default: 16000]
  --max-endpoints INTEGER         Maximum number of Queues and Topic Endpoints
                                  that can be created  [default: 16000]
  --max-ingress-flows INTEGER     Maximum number of receive flows that can be
                                  created  [default: 16000]
  --max-spool INTEGER             Maximum message spool usage, in megabytes
                                  (MB)  [default: 0]
  --max-subscriptions INTEGER     Maximum number of local client subscriptions
                                  (both primary and backup) that can be added
  --max-tx-sessions INTEGER       Maximum number of transacted sessions that
                                  can be created
  --max-tx INTEGER                Maximum number of transactions that can be
                                  created
  --mqtt-retain-mem INTEGER       Maximum total memory usage of the MQTT
                                  Retain feature, in MB. If the maximum memory
                                  is reached, any arriving retain messages
                                  that require more memory are discarded. A
                                  value of -1 indicates that the memory is
                                  bounded only by the global max memory limit.
                                  A value of 0 prevents MQTT Retain from
                                  becoming operational  [default: -1]
  --ip-version [ipv4|ipv6]        IP version to use if DNS lookup contains
                                  both an IPv4 and IPv6 address
  --replicate-ack-interval INTEGER
                                  Acknowledgement (ACK) propagation interval
                                  for the replication Bridge, in number of
                                  replicated messages  [default: 20]
  --bridge-username TEXT          Client Username the replication Bridge uses
                                  to login to the remote Message VPN
  --bridge-password TEXT          Password for the Client Username
  --bridge-cert-content TEXT      PEM formatted content for the client
                                  certificate used by this bridge to login to
                                  the Remote Message VPN. It must consist of a
                                  private key and between one and three
                                  certificates comprising the certificate
                                  trust chain
  --bridge-cert-password TEXT     Password for the client certificate
  --replicate-authn [basic|client-certificate]
                                  Authentication scheme for the replication
                                  Bridge in the Message VPN
  --replicate-compress / --no-replicate-compress
                                  Control the use of compression for the
                                  replication bridge  [default: False]
  --replicate-window-size INTEGER
                                  Size of the window used for guaranteed
                                  messages published to the replication
                                  Bridge, in messages  [default: 255]
  --replicate-retry-delay INTEGER
                                  Number of seconds that must pass before
                                  retrying the replication Bridge connection
                                  [default: 3]
  --tls-replicate / --no-tls-replicate
                                  Enable or disable use of encryption (TLS)
                                  for the replication Bridge connection
                                  [default: False]
  --replicate-cp TEXT             Client Profile for the unidirectional
                                  replication Bridge in the Message VPN. It is
                                  used only for the TCP parameters  [default:
                                  #client-profile]
  --replicate / --no-replicate    Enable or disable replication for the
                                  Message VPN  [default: False]
  --replicate-queue [fail-on-existing-queue|force-use-existing-queue|force-recreate-queue]
                                  Behavior to take when enabling replication
                                  for the Message VPN, depending on the
                                  existence of the replication Queue
  --replicate-max-spool INTEGER   Maximum message spool usage by the
                                  replication Bridge local Queue (quota), in
                                  megabytes  [default: 60000]
  --replicate-reject-on-discard / --no-replicate-reject-on-discard
                                  Control whether messages discarded on the
                                  replication Bridge local Queue are rejected
                                  back to the sender  [default: True]
  --reject-on-async / --no-reject-on-async
                                  Control whether guaranteed messages
                                  published to synchronously replicated Topics
                                  are rejected back to the sender when
                                  synchronous replication becomes ineligible
                                  [default: False]
  --replicate-role [active|standby]
                                  Replication role for the Message VPN
                                  [default: active]
  --replicate-tx-mode [sync|async]
                                  Transaction replication mode for all
                                  transactions within the Message VPN.
                                  Changing this value during operation will
                                  not affect existing transactions; it is only
                                  used upon starting a transaction  [default:
                                  sync]
  --rest-cn-check / --no-rest-cn-check
                                  Control validation of the Common Name (CN)
                                  in the server certificate from the remote
                                  REST Consumer against the list of Trusted
                                  CNs configured for the REST Consumer
                                  [default: True]
  --rest-cert-max-depth INTEGER   Maximum depth for a REST Consumer server
                                  certificate chain, defined as the number of
                                  signing CA certificates that are present in
                                  the chain back to a trusted self-signed root
                                  CA certificate  [default: 3]
  --rest-cert-date-check / --no-rest-cert-date-check
                                  Control validation of dates in the REST
                                  Consumer server certificate  [default: True]
  --msgbus-client-admin / --no-msgbus-client-admin
                                  Enable or disable "admin client" SEMP over
                                  the message bus commands  [default: False]
  --msgbus-admin-cache / --no-msgbus-admin-cache
                                  Enable or disable "admin distributed-cache"
                                  SEMP over the message bus commands
                                  [default: False]
  --msgbus-admin / --no-msgbus-admin
                                  Enable or disable "admin" SEMP over the
                                  message bus commands for the current Message
                                  VPN  [default: False]
  --msgbus / --no-msgbus          Enable or disable SEMP over the message bus
                                  [default: True]
  --msgbus-show / --no-msgbus-show
                                  Enable or disable "show" SEMP over the
                                  message bus command  [default: False]
  --amqp-max-conn INTEGER         Maximum number of AMQP client connections
                                  that can be simultaneously connected
  --amqp-plaintext / --no-amqp-plaintext
                                  Enable or disable the plain-text AMQP
                                  service in the Message VPN  [default: False]
  --amqp-port INTEGER             Port number for plain-text AMQP clients.
                                  Port must be unique across the message
                                  backbone
  --amqp-tls / --no-amqp-tls      Enable or disable the use of encryption
                                  (TLS) for the AMQP service  [default: False]
  --amqp-tls-port INTEGER         Port number for AMQP clients that connect
                                  over TLS. Port must be unique across the
                                  message backbone
  --mqtt-max-conn INTEGER         Maximum number of MQTT client connections
                                  that can be simultaneously connected
  --mqtt-plaintext / --no-mqtt-plaintext
                                  Enable or disable the plain-text MQTT
                                  service in the Message VPN  [default: False]
  --mqtt-port INTEGER             Port number for plain-text MQTT clients.
                                  Port must be unique across the message
                                  backbone
  --mqtt-tls / --no-mqtt-tls      Enable or disable the use of encryption
                                  (TLS) for the MQTT service  [default: False]
  --mqtt-tls-port INTEGER         Port number for MQTT clients that connect
                                  over TLS. Port must be unique across the
                                  message backbone
  --mqtt-wss / --no-mqtt-wss      Enable or disable the use of WebSocket over
                                  TLS for the MQTT service  [default: False]
  --mqtt-wss-port INTEGER         Port number for MQTT clients that connect
                                  using WebSocket over TLS. Port must be
                                  unique across the message backbone
  --mqtt-ws / --no-mqtt-ws        Enable or disable the use of WebSocket for
                                  the MQTT service  [default: False]
  --mqtt-ws-port INTEGER          Port number for AMQP clients that connect
                                  over TLS. Port must be unique across the
                                  message backbone
  --rest-max-conn INTEGER         Maximum number of REST incoming client
                                  connections that can be simultaneously
                                  connected
  --rest-plaintext / --no-rest-plaintext
                                  Enable or disable the plain-text REST
                                  service for incoming clients  [default:
                                  False]
  --rest-port INTEGER             Port number for REST clients. Port must be
                                  unique across the message backbone
  --rest-tls / --no-rest-tls      Enable or disable the use of encryption
                                  (TLS) for the REST service  [default: False]
  --rest-tls-port INTEGER         Port number for REST clients that connect
                                  over TLS. Port must be unique across the
                                  message backbone
  --rest-gateway-mode / --no-rest--gateway-mode
                                  Enable gateway mode or let the message VPN
                                  function in the default messaging mode
                                  [default: False]
  --rest-max-outgoing-conn INTEGER
                                  Maximum number of REST Consumer (outgoing)
                                  client connections
  --smf-max-conn INTEGER          Maximum number of SMF client connections
                                  that can be simultaneously connected
  --smf-plaintext / --no-smf-plaintext
                                  Enable or disable the plain-text SMF service
                                  [default: True]
  --smf-tls / --no-smf-tls        Enable or disable the use of encryption
                                  (TLS) for the SMF service  [default: True]
  --web-max-conn INTEGER          Maximum number of Web Transport client
                                  connections that can be simultaneously
                                  connected
  --web-plaintext / --no-web-plaintext
                                  Enable or disable the plain-text Web
                                  Transport service  [default: True]
  --web-tls / --no-web-tls        Enable or disable the use of encryption
                                  (TLS) for the Web Transport service
                                  [default: True]
  --tls-downgrade / --no-tls-downgrade
                                  Enable or disable the allowing of TLS SMF
                                  clients to downgrade their connections to
                                  plain-text connections  [default: True]
  --broker-url TEXT               MsgVPN URL (default from config file
  --broker-username TEXT          Admin username (default from config file)
  --broker-password TEXT          Admin password (default from config file)
  --help                          Show this message and exit.
```
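
With the defaults listed above, a new Message VPN keeps plain-text SMF and Web Transport enabled, allows TLS SMF clients to downgrade to plain text, and sets `--basic-authn-type` to `none`. The following is an added example, not code from splus or this wiki: a Python check that reads a `splus msgvpn create` command line and lists the risky settings that would be in effect. The function name `audit`, the VPN name `demo-vpn`, and the choice of which settings to report are assumptions of the example; flag names and defaults are taken from the help text.

```python
"""Added example (not splus code): audit a `splus msgvpn create` command line."""
import shlex

# Defaults are copied from the help text on this page. Which settings count
# as risky is this example's own policy (an assumption, not splus behaviour).
RISKY_WHEN_ON = {   # flag -> default; enabled means an unencrypted path exists
    "smf-plaintext": True, "web-plaintext": True, "tls-downgrade": True,
    "amqp-plaintext": False, "mqtt-plaintext": False,
    "rest-plaintext": False, "mqtt-ws": False,
}
RISKY_WHEN_OFF = {  # flag -> default; disabled means a certificate check is skipped
    "cert-date-check": True, "cert-date-check-bridge": True,
    "enable-bridge-cn-check": True, "rest-cn-check": True,
    "rest-cert-date-check": True,
}
RISKY_CHOICES = {   # option -> (default, values reported as risky)
    "basic-authn-type": ("none", {"none"}),
    "cert-revoke-check": ("allow-valid", {"allow-all", "allow-unknown"}),
}

def audit(command_line):
    """Return the risky settings that would be in effect, sorted."""
    flags = {**RISKY_WHEN_ON, **RISKY_WHEN_OFF, "basic-authn": True}
    choices = {name: default for name, (default, _) in RISKY_CHOICES.items()}
    args, i = shlex.split(command_line), 0
    while i < len(args):
        arg, i = args[i], i + 1
        name, has_value, value = arg[2:].partition("=")
        if not arg.startswith("--"):
            continue                        # command words, NAME, option values
        if name in choices:                 # accepts --opt VALUE and --opt=VALUE
            if not has_value and i < len(args):
                value, i = args[i], i + 1
            choices[name] = value
        elif name in flags:                 # the last occurrence wins
            flags[name] = True
        elif name.startswith("no-") and name[3:] in flags:
            flags[name[3:]] = False
    found = [f"--{n} is enabled" for n in RISKY_WHEN_ON if flags[n]]
    found += [f"--{n} is disabled" for n in RISKY_WHEN_OFF if not flags[n]]
    for name, (_, risky) in RISKY_CHOICES.items():
        unused = name == "basic-authn-type" and not flags["basic-authn"]
        if choices[name] in risky and not unused:
            found.append(f"--{name}={choices[name]}")
    return sorted(found)

# Constructed sample invocations (demo-vpn is a made-up name).
DEFAULTS = "splus msgvpn create demo-vpn --enable"
HARDENED = (DEFAULTS + " --no-smf-plaintext --no-web-plaintext"
            " --no-tls-downgrade --basic-authn-type internal")
```

`audit(DEFAULTS)` reports the four default-driven findings and `audit(HARDENED)` returns an empty list, so the check can gate provisioning scripts before they reach a broker.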