gemfire.properties and gfsecurity.properties (GemFire Properties)
You use the gemfire.properties settings to join a distributed system and configure system member behavior. Distributed system members include applications, the cache server, the locator, and other GemFire processes.
You can move any security-related configuration properties (those that begin with security-*) from gemfire.properties into a separate gfsecurity.properties file. Placing these settings in a separate file allows you to restrict access to security configuration data while still allowing read or write access to your gemfire.properties file.
You can also define provider-specific properties ("ssl" properties) in gfsecurity.properties instead of defining them at the command-line or in your environment.
You can specify non-ASCII text in your properties files by using Unicode escape sequences. See Using Non-ASCII Strings in Pivotal GemFire Property Files for more details.
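As an added example (not part of the GemFire documentation or product), the following Python script audits a gemfire.properties / gfsecurity.properties pair against the split described above and against the SSL and JMX Manager defaults listed in the table below. The sample file contents, the custom security-username property, the finding labels, the owner-only permission policy, the treatment of keystore and truststore passwords as sensitive, and the rule that a gfsecurity.properties value wins over a duplicate key are all assumptions of this example.

```python
import os
import stat

# Connection-type prefixes the settings table uses for the *-ssl-* properties.
SSL_PREFIXES = ("cluster", "gateway", "http-service", "jmx-manager", "server")

# Constructed sample: secrets left in the widely readable gemfire.properties.
WEAK_GEMFIRE = """\
locators=host1[10334]
mcast-port=0
cluster-ssl-enabled=true
cluster-ssl-keystore=/opt/gemfire/conf/member.jks
cluster-ssl-keystore-password=example-password
security-username=example-user
jmx-manager=true
"""

# Constructed sample: the same member after moving secrets and pinning TLS.
HARD_GEMFIRE = """\
locators=host1[10334]
mcast-port=0
jmx-manager=true
jmx-manager-password-file=/opt/gemfire/conf/jmx.password
jmx-manager-access-file=/opt/gemfire/conf/jmx.access
"""
HARD_GFSECURITY = """\
# constructed values
cluster-ssl-enabled=true
cluster-ssl-protocols=TLSv1.2
cluster-ssl-ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
cluster-ssl-keystore=/opt/gemfire/conf/member.jks
cluster-ssl-keystore-password=example-password
security-username=example-user
"""


def parse_properties(text):
    """Parse plain key=value (or key:value) lines, skipping # and ! comments.

    Line continuations and escape sequences of the full Java properties
    format are not handled in this example.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0),
                  default=len(line))
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def is_sensitive(key):
    """security-* keys plus keystore/truststore passwords (policy assumption)."""
    if key.startswith("security-"):
        return True
    return any(key == f"{p}-ssl-{s}-password"
               for p in SSL_PREFIXES for s in ("keystore", "truststore"))


def is_true(props, key, default):
    return props.get(key, default).strip().lower() == "true"


def audit(gemfire_text, gfsecurity_text, gfsecurity_mode):
    """Return a list of (finding, property-or-file) tuples; empty means clean."""
    gem = parse_properties(gemfire_text)
    sec = parse_properties(gfsecurity_text)
    # Assumption of this example: a key present in both files takes the
    # gfsecurity.properties value.
    merged = {**gem, **sec}
    findings = [("misplaced-secret", k) for k in sorted(gem) if is_sensitive(k)]
    # Policy assumption: only the owner may read or write gfsecurity.properties.
    if gfsecurity_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("file-too-open", "gfsecurity.properties"))
    # Table default for cluster-ssl-enabled is false.
    if not is_true(merged, "cluster-ssl-enabled", "false"):
        findings.append(("ssl-disabled", "cluster-ssl-enabled"))
    else:
        # 'any' (the default) accepts whatever the JSSE provider enables.
        for key in ("cluster-ssl-ciphers", "cluster-ssl-protocols"):
            if merged.get(key, "any").lower() == "any":
                findings.append(("provider-defaults", key))
        if not is_true(merged, "cluster-ssl-require-authentication", "true"):
            findings.append(("no-peer-auth", "cluster-ssl-require-authentication"))
    # Without these files the JMX Manager accepts clients without credentials
    # and gives any client full MBean access (see the table entries).
    if is_true(merged, "jmx-manager", "false") and \
            merged.get("jmx-manager-port", "1099") != "0":
        if "jmx-manager-password-file" not in merged:
            findings.append(("jmx-no-credentials", "jmx-manager-password-file"))
        if "jmx-manager-access-file" not in merged:
            findings.append(("jmx-full-access", "jmx-manager-access-file"))
    return findings


def audit_files(gemfire_path, gfsecurity_path):
    """Run audit() on files on disk, using the real mode of gfsecurity.properties."""
    with open(gemfire_path) as g, open(gfsecurity_path) as s:
        mode = stat.S_IMODE(os.stat(gfsecurity_path).st_mode)
        return audit(g.read(), s.read(), mode)
```

Calling audit(WEAK_GEMFIRE, "", 0o644) reports the misplaced secrets, the open file mode, the provider-default ciphers and protocols, and the unauthenticated JMX Manager; the hardened pair with mode 0o600 returns an empty list.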
Setting | Definition | Default |
---|---|---|
ack-severe-alert-threshold | Number of seconds the distributed system will wait after the ack-wait-threshold for a message to be acknowledged before it issues an alert at severe level. A value of zero disables this feature. | 0 |
ack-wait-threshold | Number of seconds a distributed message can wait for acknowledgment before it sends an alert to signal that something might be wrong with the system member that is unresponsive. The waiter continues to wait. The alerts are logged in the system member’s log as warnings. Valid values are in the range 0...2147483647. | 15 |
archive-disk-space-limit | Maximum size (in megabytes) of all inactive statistic archive files combined. If this limit is exceeded, inactive archive files are deleted, oldest first, until the total size is within the limit. If set to zero, disk space use is unlimited. | 0 |
archive-file-size-limit | The maximum size (in megabytes) of a single statistic archive file. Once this limit is exceeded, a new statistic archive file is created, and the current archive file becomes inactive. If set to zero, file size is unlimited. | 0 |
async-distribution-timeout | The number of milliseconds a process that is publishing to this process should attempt to distribute a cache operation before switching over to asynchronous messaging for this process. The switch to asynchronous messaging lasts until this process catches up, departs, or some specified limit is reached, such as async-queue-timeout or async-max-queue-size. To enable asynchronous messaging, the value must be set above zero. Valid values are in the range 0...60000. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. | 0 |
async-max-queue-size | Affects non-conflated asynchronous queues for members that publish to this member. This is the maximum size the queue can reach (in megabytes) before the publisher asks this member to leave the distributed system. Valid values are in the range 0..1024. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. | 8 |
async-queue-timeout | Affects asynchronous queues for members that publish to this member. This is the maximum milliseconds the publisher should wait with no distribution to this member before it asks this member to leave the distributed system. Used for handling slow receivers. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. | 60000 |
bind-address | Relevant only for multi-homed hosts (machines with multiple network interface cards). Specifies the adapter card the cache binds to for peer-to-peer communication. Also specifies the default location for GemFire servers to listen on, which is used unless overridden by the server-bind-address. This is a machine-wide attribute used for system member and client/server communication. It has no effect on locator location, unless the locator is embedded in a member process. Specify the IP address, not the hostname, because each network card may not have a unique hostname. An empty string (the default) causes the member to listen on the default card for the machine. | not set |
cache-xml-file | Declarative initialization file for the member's cache. | cache.xml |
cluster-configuration-dir | This property specifies the directory in which the cluster configuration related disk-store and artifacts are stored. This property is only applicable to dedicated locators that have "enable-cluster-configuration" set to true. | not set |
cluster-ssl-ciphers | Used for SSL security. A space-separated list of the valid SSL ciphers for peer-to-peer connections in the cluster. A setting of 'any' uses any ciphers that are enabled by default in the configured JSSE provider. This attribute must be consistent across all members of the distributed system. GemFire applies this peer-to-peer connection property setting to client/server, JMX manager, WAN gateway and HTTP service connections unless the corresponding SSL property (server-ssl-ciphers, jmx-manager-ssl-ciphers, gateway-ssl-ciphers, or http-service-ssl-ciphers) is defined. See Configuring SSL. | any |
cluster-ssl-enabled | Used for SSL security. Boolean indicating whether to use SSL for peer-to-peer communications. A true setting requires the use of locators. This attribute must be consistent across all members of the distributed system. GemFire applies this peer-to-peer connection property setting to client/server, JMX manager, WAN gateway, and HTTP service connections unless the corresponding SSL property (server-ssl-enabled, jmx-manager-ssl-enabled, gateway-ssl-enabled, or http-service-ssl-enabled) is defined. See Configuring SSL. | false |
cluster-ssl-keystore, gateway-ssl-keystore, http-service-ssl-keystore, jmx-manager-ssl-keystore, server-ssl-keystore | Properties that identify the keystores to use for SSL connections. cluster-ssl-keystore defines the keystore for GemFire peer-to-peer connections. If you specify only cluster-ssl-keystore, then the same keystore is also used for client/server, JMX manager, WAN gateway and HTTP service connections. Specify the gateway-, jmx-manager-, server-, or http-service- prefix with this property to use a different keystore for the respective SSL connection type. See Configuring SSL. Note: javax.net.ssl.keyStore is deprecated. Use cluster-ssl-keystore instead. | not set |
cluster-ssl-keystore-password, gateway-ssl-keystore-password, http-service-ssl-keystore-password, jmx-manager-ssl-keystore-password, server-ssl-keystore-password | Properties that identify the passwords for the keystores used with SSL connections. See Configuring SSL. Note: javax.net.ssl.keyStorePassword is deprecated. Use cluster-ssl-keystore-password instead. | not set |
cluster-ssl-keystore-type, gateway-ssl-keystore-type, http-service-ssl-keystore-type, jmx-manager-ssl-keystore-type, server-ssl-keystore-type | System properties that identify the types of keystores used with SSL connections. See Configuring SSL. Note: javax.net.ssl.keyStoreType is deprecated. Use cluster-ssl-keystore-type instead. | not set |
cluster-ssl-protocols | Used for SSL security. A space-separated list of the valid SSL protocols for peer-to-peer connections in the cluster. A setting of 'any' uses any protocol that is enabled by default in the configured JSSE provider. GemFire applies this peer-to-peer connection property setting to client/server, JMX manager, WAN gateway and HTTP service connections unless the corresponding SSL property (server-ssl-protocols, jmx-manager-ssl-protocols, gateway-ssl-protocols, or http-service-ssl-protocols) is defined. See Configuring SSL. | any |
cluster-ssl-require-authentication | Used for SSL security. Boolean indicating whether to require authentication for member communication. GemFire applies this peer-to-peer connection property setting to client/server, JMX manager, WAN gateway and HTTP service connections unless the corresponding SSL property (server-ssl-require-authentication, jmx-manager-ssl-require-authentication, gateway-ssl-require-authentication, or http-service-ssl-require-authentication) is defined. See Configuring SSL. | true |
cluster-ssl-truststore, gateway-ssl-truststore, http-service-ssl-truststore, jmx-manager-ssl-truststore, server-ssl-truststore | Properties that identify the truststores to use for SSL connections. cluster-ssl-truststore defines the truststore for GemFire peer-to-peer connections. If you specify only cluster-ssl-truststore, then the same truststore is also used for client/server, JMX manager, WAN gateway and HTTP service connections. Specify the gateway-, jmx-manager-, server-, or http-service- prefix with this property to use a different truststore for the respective SSL connection type. See Configuring SSL. Note: javax.net.ssl.trustStore is deprecated. Use cluster-ssl-truststore instead. | not set |
cluster-ssl-truststore-password, gateway-ssl-truststore-password, http-service-ssl-truststore-password, jmx-manager-ssl-truststore-password, server-ssl-truststore-password | Properties that identify the passwords for the truststores used with SSL connections. See Configuring SSL. | not set |
conflate-events | Used only by clients in a client/server installation. This is a client-side property that is passed to the server. Affects subscription queue conflation in this client's servers. Specifies whether to conflate (true setting), not conflate (false), or to use the server's conflation setting (server). | server |
conserve-sockets | Specifies whether sockets are shared by the system member’s threads. If true, threads share, and a minimum number of sockets are used to connect to the distributed system. If false, every application thread has its own sockets for distribution purposes. You can override this setting for individual threads inside your application. Where possible, it is better to set conserve-sockets to true and enable the use of specific extra sockets in the application code if needed. Note: WAN deployments increase the messaging demands on a GemFire system. To avoid hangs related to WAN messaging, always set conserve-sockets=false for GemFire members that participate in a WAN deployment. | true |
delta-propagation | Specifies whether to distribute the deltas for entry updates, instead of the full values, between clients and servers and between peers. | true |
deploy-working-dir | Working directory used when deploying JAR application files to distributed system members. This directory can be local and unique to the member or a shared resource. See Deploying Application JARs to Pivotal GemFire Members for more information. | . (current directory) |
disable-auto-reconnect | By default, a GemFire member (both locators and servers) will attempt to reconnect and reinitialize the cache after it has been forced out of the distributed system by a network partition event or has otherwise been shunned by other members. Use this property to turn off the autoreconnect behavior. See Handling Forced Cache Disconnection Using Autoreconnect for more details. | false |
disable-tcp | Boolean indicating whether to disable the use of TCP/IP sockets for inter-cache point-to-point messaging. If disabled, the cache uses datagram (UDP) sockets. | false |
distributed-system-id | Identifier used to distinguish messages from different distributed systems. Set this to different values for different systems in a multi-site (WAN) configuration. This is required for Portable Data eXchange (PDX) data serialization. This setting must be the same for every member in the same distributed system and unique to the distributed system within the WAN installation. -1 means no setting. Valid values are integers in the range -1...255. | -1 |
durable-client-id | Used only for clients in a client/server installation. If set, this indicates that the client is durable and identifies the client. The ID is used by servers to reestablish any messaging that was interrupted by client downtime. | not set |
durable-client-timeout | Used only for clients in a client/server installation. Number of seconds this client can remain disconnected from its server and have the server continue to accumulate durable events for it. | 300 |
enable-network-partition-detection | Boolean instructing the system to detect and handle splits in the distributed system, typically caused by a partitioning of the network (split brain) where the distributed system is running. We recommend setting this property to true. You must set this property to the same value across all your distributed system members. In addition, you must set this property to true if you are using persistent regions and configure your regions to use DISTRIBUTED_ACK or GLOBAL scope to avoid potential data conflicts. | false |
enable-cluster-configuration | A value of "true" causes the creation of cluster configuration on dedicated locators. The cluster configuration service on dedicated locator(s) with this property set to "true" serves the configuration to new members joining the distributed system and also saves the configuration changes caused by the gfsh commands. This property is only applicable to dedicated locators. | true |
enable-time-statistics | Boolean instructing the system to track time-based statistics for the distributed system and caching. Disabled by default for performance reasons and not recommended for production environments. You must also configure statistics-sampling-enabled to true and specify a statistics-archive-file. | false |
enforce-unique-host | Whether partitioned regions will put redundant copies of the same data in different members running on the same physical machine. By default, GemFire tries to put redundant copies on different machines, but it will put them on the same machine if no other machines are available. Setting this property to true prevents this and requires different machines for redundant copies. | false |
gateway-ssl-ciphers | A space-separated list of the valid SSL ciphers for WAN gateway connections. A setting of 'any' uses any ciphers that are enabled by default in the configured JSSE provider. If this property is not set, then GemFire uses the value of cluster-ssl-ciphers to determine which SSL ciphers are used for WAN connections. See Multi-Site (WAN) Deployment Security. | value of ssl-ciphers |
gateway-ssl-enabled | Enables or disables SSL for WAN gateway connections. If this property is not set, then GemFire uses the value of cluster-ssl-enabled to determine whether JMX connections use SSL. See Multi-Site (WAN) Deployment Security. | value of ssl-enabled |
gateway-ssl-protocols | A space-separated list of the valid SSL protocols for WAN gateway connections. A setting of 'any' uses any protocol that is enabled by default in the configured JSSE provider. If this property is not set, then GemFire uses the value of cluster-ssl-protocols to determine which SSL protocols are used by WAN connections. See Multi-Site (WAN) Deployment Security. | value of ssl-protocols |
gateway-ssl-require-authentication | Boolean indicating whether to require authentication for WAN gateway connections. If this property is not set, then GemFire uses the value of cluster-ssl-require-authentication to determine whether WAN connections require authentication. See Multi-Site (WAN) Deployment Security. | value of ssl-require-authentication |
groups | Defines the list of groups that this member belongs to. Use commas to separate group names. Note that anything defined by the roles gemfire property will also be considered a group. See Using Member Groups for more information. | not set |
http-service-bind-address | If set, then the GemFire member binds the embedded HTTP service to the specified address. If this property is not set but the HTTP service is enabled using http-service-port, then GemFire binds the HTTP service to the member's local address. Used by the GemFire Pulse Web application and the developer REST API service. | not set |
http-service-port | If non-zero, then GemFire starts an embedded HTTP service that listens on this port. The HTTP service is used to host the GemFire Pulse Web application and the development REST API service. If you are hosting the Pulse web app on your own Web server and are not using the development REST API service, then disable this embedded HTTP service by setting this property to zero. Ignored if jmx-manager and start-dev-rest-api are both set to false. | 7070 |
http-service-ssl-ciphers | A space separated list of the SSL cipher suites to enable. Those listed must be supported by the available providers. | not set |
http-service-ssl-enabled | Specifies if the HTTP service is started with separate ssl configuration. If not specified, then the global property cluster-ssl-enabled (and its other related properties) are used to create server socket. | false |
http-service-ssl-protocols | A space separated list of the SSL protocols to enable. Those listed must be supported by the available providers. | any |
http-service-ssl-require-authentication | Boolean indicating whether to require authentication for HTTP service connections. If this property is not set, then GemFire uses the value of cluster-ssl-require-authentication to determine whether HTTP service connections require authentication. | false |
jmx-manager | If true then this member is willing to be a JMX Manager. All the other JMX Manager properties will be used when it does become a manager. If this property is false then all other jmx-manager-* properties are ignored. | false (except on locators) |
jmx-manager-access-file | By default the JMX Manager will allow full access to all mbeans by any client. If this property is set to the name of a file then it can restrict clients to only being able to read MBeans; they will not be able to modify MBeans. The access level can be configured differently in this file for each user name defined in the password file. For more information about the format of this file see Oracle's documentation of the com.sun.management.jmxremote.access.file system property. Ignored if jmx-manager is false or if jmx-manager-port is zero. | not set |
jmx-manager-bind-address | By default the jmx-manager (when configured with a port) will listen on all the local host's addresses. You can use this property to configure what IP address or host name the JMX Manager will listen on for non-HTTP connections. Ignored if JMX Manager is false or jmx-manager-port is zero. | not set |
jmx-manager-hostname-for-clients | Lets you control what hostname will be given to clients that ask the locator for the location of a JMX Manager. By default the IP address that the jmx-manager reports is used. But for clients on a different network this property allows you to configure a different hostname that will be given to clients. Ignored if jmx-manager is false or jmx-manager-port is zero. | not set |
jmx-manager-http-port | Deprecated. Use http-service-port instead. | 7070 |
jmx-manager-password-file | By default the JMX Manager will allow clients without credentials to connect. If this property is set to the name of a file then only clients that connect with credentials that match an entry in this file will be allowed. Most JVMs require that the file is only readable by the owner. For more information about the format of this file see Oracle's documentation of the com.sun.management.jmxremote.password.file system property. Ignored if jmx-manager is false or if jmx-manager-port is zero. | not set |
jmx-manager-port | The port this JMX Manager will listen to for client connections. If this property is set to zero then GemFire will not allow remote client connections but you can alternatively use the standard system properties supported by the JVM for configuring access from remote JMX clients. Ignored if jmx-manager is false. | 1099 |
jmx-manager-ssl-enabled | Enables or disables SSL for connections to the JMX Manager. If true and jmx-manager-port is not zero, then the JMX Manager will only accept SSL connections. If this property is not set, then GemFire uses the value of cluster-ssl-enabled to determine whether JMX connections should use SSL. See Configuring SSL. | value of cluster-ssl-enabled |
jmx-manager-ssl-ciphers | A space-separated list of the valid SSL ciphers for JMX manager connections. A setting of 'any' uses any ciphers that are enabled by default in the configured JSSE provider. If this property is not set, then GemFire uses the value of cluster-ssl-ciphers to determine which SSL ciphers are used for JMX connections. See Configuring SSL. | value of cluster-ssl-ciphers |
jmx-manager-ssl-protocols | A space-separated list of the valid SSL protocols for JMX manager connections. A setting of 'any' uses any protocol that is enabled by default in the configured JSSE provider. If this property is not set, then GemFire uses the value of cluster-ssl-protocols to determine which SSL protocols are used for JMX connections. See Configuring SSL. | value of cluster-ssl-ciphers |
jmx-manager-ssl-require-authentication | Boolean indicating whether to require authentication for JMX Manager connections. If this property is not set, then GemFire uses the value of cluster-ssl-require-authentication to determine whether JMX connections require authentication. See Configuring SSL. | value of cluster-ssl-require-authentication |
jmx-manager-start | If true then this member will start a jmx manager when it creates a cache. Management tools like gfsh can be configured to connect to the jmx-manager. In most cases you should not set this because a jmx manager will automatically be started when needed on a member that sets "jmx-manager" to true. Ignored if jmx-manager is false. | false |
jmx-manager-update-rate | The rate, in milliseconds, at which this member will push updates to any JMX Managers. Currently this value should be greater than or equal to the statistic-sample-rate. Setting this value too high will cause stale values to be seen by gfsh and GemFire Pulse. | 2000 |
load-cluster-configuration-from-dir | Setting this property to "true" causes loading of cluster configuration from "cluster_config" directory in the locator. This property is only applicable to dedicated locators that have "enable-cluster-configuration" set to true. | false |
locator-wait-time | The number of seconds that a member should wait for a locator to start if a locator is not available when attempting to join the distributed system. Use this setting when you are starting locators and peers all at once. This timeout allows peers to wait for the locators to finish starting up before attempting to join the distributed system. | 0 |
locators | The list of locators used by system members. The list must be configured consistently for every member of the distributed system. If the list is empty, locators are not used. For each locator, provide a host name and/or address (separated by ‘@’, if you use both), followed by a port number in brackets. Examples: locators=address1[port1],address2[port2]; locators=hostName1@address1[port1],hostName2@address2[port2]; locators=hostName1[port1],hostName2[port2]. Note: On multi-homed hosts, this last notation will use the default address. If you use bind addresses for your locators, explicitly specify the addresses in the locators list; do not use just the hostname. If you have values specified for the locators property, the mcast-port property defaults to 0. Note: If you specify invalid DNS hostnames in this property, any locators or servers started with gfsh will not produce log files. Make sure you provide valid DNS hostnames before starting the locator or server with gfsh. | not set |
log-disk-space-limit | Maximum size in megabytes of all inactive log files combined. If this limit is exceeded, inactive log files are deleted, oldest first, until the total size is within the limit. If set to zero, disk space use is unlimited. | 0 |
log-file | File to which a running system member writes log messages. If set to null, the default is used. Each member type has its own default output: | null |
log-file-size-limit | Maximum size in megabytes of a log file before it is closed and logging rolls on to a new (child) log file. If set to 0, log rolling is disabled. | 0 |
log-level | Level of detail of the messages written to the system member’s log. Setting log-level to one of the ordered levels causes all messages of that level and greater severity to be printed. Valid values from lowest to highest are fine, config, info, warning, error, severe, and none. | config |
max-wait-time-reconnect | Maximum number of milliseconds to wait for the distributed system to reconnect on each reconnect attempt. | 60000 |
mcast-address | Address used to discover other members of the distributed system. Only used if mcast-port is non-zero. This attribute must be consistent across the distributed system. Note: Select different multicast addresses and different ports for different distributed systems. Do not just use different addresses. Some operating systems may not keep communication separate between systems that use unique addresses but the same port number. This default multicast address was assigned by IANA (http://www.iana.org/assignments/multicast-addresses). Consult the IANA chart when selecting another multicast address to use with GemFire. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. If multicast is enabled, distributed regions use it for most communication. Partitioned regions only use multicast for a few purposes, and mainly use either TCP or UDP unicast. | 239.192.81.1 for IPv4 (the default IP version); FF38::1234 for IPv6 |
mcast-flow-control | Tuning property for flow-of-control protocol for unicast and multicast no-ack UDP messaging. Compound property made up of three settings separated by commas: byteAllowance, rechargeThreshold, and rechargeBlockMs. Valid values range from these minimums: 10000,0.1,500 to these maximums: no_maximum,0.5,60000. Note: This setting controls only peer-to-peer communication, generally between distributed regions. | 1048576,0.25,5000 |
mcast-port | Port used, along with the mcast-address, for multicast communication with other members of the distributed system. If zero, multicast is disabled for member discovery and distribution. Note: Select different multicast addresses and ports for different distributed systems. Do not just use different addresses. Some operating systems may not keep communication separate between systems that use unique addresses but the same port number. Valid values are in the range 0..65535. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. If you have values specified for the locators property, the mcast-port property defaults to 0. | 10334 |
mcast-recv-buffer-size | Size of the socket buffer used for incoming multicast transmissions. You should set this high if there will be high volumes of messages. Valid values are in the range 2048..OS_maximum. Note: The default setting is higher than the default OS maximum buffer size on Unix, which should be increased to at least 1 megabyte to provide high-volume messaging on Unix systems. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. | 1048576 |
mcast-send-buffer-size | The size of the socket buffer used for outgoing multicast transmissions. Valid values are in the range 2048..OS_maximum. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. | 65535 |
mcast-ttl | How far multicast messaging goes in your network. Lower settings may improve system performance. A setting of 0 constrains multicast messaging to the machine. Note: This setting controls only peer-to-peer communication and does not apply to client/server or multi-site communication. | 32 |
member-timeout | GemFire uses the member-timeout server configuration, specified in milliseconds, to detect the abnormal termination of members. The configuration setting is used in two ways: 1) First it is used during the UDP heartbeat detection process. When a member detects that a heartbeat datagram is missing from the member that it is monitoring after the time interval of 2 * the value of member-timeout, the detecting member attempts to form a TCP/IP stream-socket connection with the monitored member as described in the next case. 2) The property is then used again during the TCP/IP stream-socket connection. If the suspected process does not respond to the "are you alive" datagram within the time period specified in member-timeout, the membership coordinator sends out a new membership view that notes the member's failure. Valid values are in the range 1000..600000. | 5000 |
membership-port-range | The range of ports available for unicast UDP messaging and for TCP failure detection. This is specified as two integers separated by a minus sign. Different members can use different ranges. GemFire randomly chooses at least two unique integers from this range for the member, one for UDP unicast messaging and the other for TCP failure detection messaging. If tcp-port is configured to 0, it will also randomly select a port from this range for TCP sockets used for peer-to-peer communication only. Therefore, the specified range must include at least three available port numbers (UDP, FD_SOCK, and TCP DirectChannel). The system uniquely identifies the member using the combined host IP address and UDP port number. You may want to restrict the range of ports that GemFire uses so the product can run in an environment where routers only allow traffic on certain ports. | 1024-65535 |
memcached-port | If specified and is non-zero, sets the port number for an embedded Gemcached server and starts the Gemcached server. | 0 |
memcached-protocol | Sets the protocol used by an embedded Gemcached server. Valid values are BINARY and ASCII. If you omit this property, the ASCII protocol is used. | ASCII |
name | Symbolic name used to identify this system member. | not set |
redundancy-zone | Defines this member's redundancy zone. Used to separate members into different groups for satisfying partitioned region redundancy. If this property is set, GemFire will not put redundant copies of data in members with the same redundancy zone setting. See Configure High Availability for a Partitioned Region for more details. | not set |
remote-locators | Used to configure the locators that a cluster will use in order to connect to a remote site in a multi-site (WAN) configuration. To use locators in a WAN configuration, you must specify a unique distributed system ID (distributed-system-id) for the local cluster and remote locator(s) for the remote clusters to which you will connect. For each remote locator, provide a host name and/or address (separated by ‘@’, if you use both), followed by a port number in brackets. Examples: remote-locators=address1[port1],address2[port2]; remote-locators=hostName1@address1[port1],hostName2@address2[port2]; remote-locators=hostName1[port1],hostName2[port2] | not set |
remove-unresponsive-client | When this property is set to true, the primary server drops unresponsive clients from all secondaries and itself. Clients are deemed unresponsive when their messaging queues become full on the server. While a client's queue is full, puts that would add to the queue block on the server. | false |
roles | Comma-delimited list of strings specifying the membership roles that this member performs in the distributed system. Note that this property has been deprecated in favor of member groups. Note: Anything defined in this property will be considered a "group" as defined in the groups property above. | not set |
security-* | Used for authentication. Any custom properties needed by your AuthInitialize or Authenticator callbacks. Note: Any security-related configuration properties (those that begin with security-*) that are normally configured in gemfire.properties can be moved to a separate gfsecurity.properties file. Placing these configuration settings in a separate file allows you to restrict access to security configuration data. This way, you can still allow read or write access for your gemfire.properties file. | not set |
security-client-accessor | Used for authorization. Static creation method returning an AccessControl object, which determines authorization of client-server cache operations. This specifies the callback that should be invoked in the pre-operation phase, which is when the request for the operation is received from the client. | not set |
security-client-accessor-pp | Used for authorization. The callback that should be invoked in the post-operation phase, which is when the operation has completed on the server but before the result is sent to the client. The post-operation callback is also invoked for the updates that are sent from server to client through the notification channel. | not set |
security-client-auth-init | Used for authentication. Static creation method returning an AuthInitialize object, which obtains credentials for peers in a distributed system. The obtained credentials should be acceptable to the Authenticator specified through the security-peer-authenticator property on the peers. | not set |
security-client-authenticator | Used for authentication. Static creation method returning an Authenticator object, which is used by a peer to verify the credentials of the connecting peer. | not set |
security-client-dhalgo | Used for authentication. For secure transmission of sensitive credentials like passwords, you can encrypt the credentials using the Diffie-Hellman key exchange algorithm. Do this by setting the security-client-dhalgo system property on the clients to the name of a valid symmetric key cipher supported by the JDK. | not set |
security-log-file | Used with authentication. The log file for security log messages. If not specified, the member's regular log file is used. | not set |
security-log-level | Used with authentication. Logging level detail for security log messages. Valid values from lowest to highest are fine, config, info, warning, error, severe, and none. | config |
security-peer-auth-init | Used with authentication. Static creation method returning an AuthInitialize object, which obtains credentials for peers in a distributed system. The obtained credentials should be acceptable to the Authenticator specified through the security-peer-authenticator property on the peers. | not set |
security-peer-authenticator | Used with authentication. Static creation method returning an Authenticator object, which is used by a peer to verify the credentials of the connecting peer. | not set |
security-peer-verifymember-timeout | Used with authentication. Timeout in milliseconds used by a peer to verify membership of an unknown authenticated peer requesting a secure connection. | 1000 |
server-bind-address | Relevant only for multi-homed hosts, that is, machines with multiple network interface cards. The network adapter card that a GemFire server binds to for client/server communication. You can use this to separate the server’s client/server communication from its peer-to-peer communication, spreading the traffic load. This is a machine-wide attribute used for communication with clients in client/server and multi-site installations. This setting has no effect on locator configuration. Specify the IP address, not the hostname, because each network card may not have a unique hostname. An empty string causes the servers to listen on the same card used for peer-to-peer communication. This is either the bind-address or, if that is not set, the machine’s default card. | not set |
server-ssl-ciphers | A space-separated list of the valid SSL ciphers for client/server connections. A setting of 'any' uses any ciphers that are enabled by default in the configured JSSE provider. If this property is not set, then GemFire uses the value of cluster-ssl-ciphers to determine which ciphers are used for client connections. See Configuring SSL. | value of cluster-ssl-ciphers |
server-ssl-enabled | Enables or disables SSL for client/server connections. If this property is not set, then GemFire uses the value of cluster-ssl-enabled to determine whether client connections use SSL. See Configuring SSL. | value of cluster-ssl-enabled |
server-ssl-protocols | A space-separated list of the valid SSL protocols for client/server connections. A setting of 'any' uses any protocol that is enabled by default in the configured JSSE provider. If this property is not set, then GemFire uses the value of cluster-ssl-protocols to determine which SSL protocols are used for client connections. See Configuring SSL. | value of cluster-ssl-protocols |
server-ssl-require-authentication | Boolean indicating whether to require authentication for client/server connections. If this property is not set, then GemFire uses the value of cluster-ssl-require-authentication to determine whether client connections require authentication. See Configuring SSL. | value of cluster-ssl-require-authentication |
socket-buffer-size | Receive buffer sizes in bytes of the TCP/IP connections used for data transmission. To minimize the buffer size allocation needed for distributing large, serializable messages, the messages are sent in chunks. This setting determines the size of the chunks. Larger buffers can handle large messages more quickly, but take up more memory. | 32768 |
socket-lease-time | Time, in milliseconds, a thread can have exclusive access to a socket it is not actively using. A value of zero causes socket leases to never expire. This property is ignored if conserve-sockets is true. Valid values are in the range 0..600000. | 60000 |
ssl-ciphers, ssl-enabled, ssl-protocols, ssl-require-authentication | Deprecated. Use cluster-ssl-ciphers, cluster-ssl-enabled, cluster-ssl-protocols, or cluster-ssl-require-authentication instead. | Deprecated |
start-dev-rest-api | If set to true, the developer REST API service is started when the cache is created. The REST service can be configured using the http-service-port and http-service-bind-address properties. | false |
start-locator | If set, automatically starts a locator in the current process when the member connects to the distributed system and stops the locator when the member disconnects. To use, specify the locator with an optional address or host specification and a required port number, in one of these formats: start-locator=address[port1] or start-locator=port1. If you only specify the port, the address assigned to the member is used for the locator. If not already there, this locator is automatically added to the list of locators in this set of gemfire properties. | not set |
statistic-archive-file | The file to which the running system member writes statistic samples. For example: "StatisticsArchiveFile.gfs". An empty string disables archiving. Adding .gz suffix to the file name causes it to be compressed. | not set |
statistic-sample-rate | How often to sample statistics, in milliseconds. Valid values are in the range 100..60000. | 1000 |
statistic-sampling-enabled | Whether to collect and archive statistics on the member. Statistics sampling provides valuable information for ongoing system tuning and troubleshooting purposes. Sampling statistics at the default sample rate does not impact system performance. We recommend enabling statistics sampling in production environments. Note: This setting does not apply to partitioned regions, where statistics are always enabled. | false |
tcp-port | The TCP port to listen on for cache communications. If set to zero, the operating system selects an available port. Each process on a machine must have its own TCP port. Note that some operating systems restrict the range of ports usable by non-privileged users, and using restricted port numbers can cause runtime errors in GemFire startup. Valid values are in the range 0..65535. | 0 |
tombstone-gc-threshold | The number of tombstones that can accumulate before the GemFire member triggers garbage collection for tombstones. See How Destroy and Clear Operations Are Resolved. | 100000 |
udp-fragment-size | Maximum fragment size, in bytes, for transmission over UDP unicast or multicast sockets. Smaller messages are combined, if possible, for transmission up to the fragment size setting. Valid values are in the range 1000..60000. | 60000 |
udp-recv-buffer-size | The size of the socket buffer used for incoming UDP point-to-point transmissions. If disable-tcp is false, a reduced buffer size of 65535 is used by default. The default setting of 1048576 is higher than the default OS maximum buffer size on Unix, which should be increased to at least 1 megabyte to provide high-volume messaging on Unix systems. Valid values are in the range 2048..OS_maximum. | 1048576 |
udp-send-buffer-size | The size of the socket buffer used for outgoing UDP point-to-point transmissions. Valid values are in the range 2048..OS_maximum. | 65535 |
use-cluster-configuration | This property is only applicable for data members (non-client and non-locator). A value of "true" causes a member to request and use the configuration from cluster configuration services running on dedicated locators. Setting this property to "false" causes a member to not request the configuration from the configuration services running on the locator(s). | true |
user-command-packages | A comma-separated list of Java packages that contain classes implementing the CommandMarker interface. Matching classes will be loaded when the VM starts and will be available in the GFSH command-line utility. | not set |
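
The security-* entry above recommends keeping security properties in a separate gfsecurity.properties file so that access to it can be restricted. The Python check below is an added example, not part of GemFire or its documentation. It reports security-* keys still present in gemfire.properties, a gfsecurity.properties file that grants group or other access, and values outside the ranges listed in the table. The function names, the simplified key=value parser, the POSIX permission check, the sample file contents and the com.example class name are all assumptions made for illustration.

```python
import stat
import tempfile
from pathlib import Path

# Valid ranges and values exactly as stated in the property table on this page.
INT_RANGES = {"tcp-port": (0, 65535), "socket-lease-time": (0, 600000),
              "statistic-sample-rate": (100, 60000), "udp-fragment-size": (1000, 60000)}
ENUMS = {"security-log-level": {"fine", "config", "info", "warning", "error", "severe", "none"}}

def load_properties(path):
    """Simplified reader: key=value lines, '#'/'!' comments, no line continuations."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            key, sep, value = raw.strip().partition("=")
            if sep and not key.startswith(("#", "!")):
                props[key.strip()] = value.strip()
    return props

def audit(gemfire_path, gfsecurity_path):
    """Return sorted findings for a gemfire.properties / gfsecurity.properties pair."""
    merged = load_properties(gemfire_path)
    findings = [f"{key}: set in gemfire.properties, move to gfsecurity.properties"
                for key in merged if key.startswith("security-")]
    sec = Path(gfsecurity_path)
    if sec.exists():
        mode = stat.S_IMODE(sec.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other permission bit
            findings.append(f"gfsecurity.properties: mode {mode:o} grants group/other access")
        merged.update(load_properties(sec))
    for key, (low, high) in INT_RANGES.items():
        value = merged.get(key)
        if value is not None and not (value.isdigit() and low <= int(value) <= high):
            findings.append(f"{key}: {value!r} is outside {low}..{high}")
    for key, allowed in ENUMS.items():
        if key in merged and merged[key] not in allowed:
            findings.append(f"{key}: {merged[key]!r} is not a valid value")
    return sorted(findings)

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        gf, sec = Path(tmp, "gemfire.properties"), Path(tmp, "gfsecurity.properties")
        gf.write_text("name=server1\ntcp-port=70000\nsecurity-log-level=verbose\n")
        sec.write_text("security-peer-authenticator=com.example.Auth.create\n")  # hypothetical
        sec.chmod(0o644)
        return audit(gf, sec)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Running audit() against a member's real property files before startup gives a quick pre-deployment check; a gfsecurity.properties with mode 600 and in-range values produces an empty list.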