Configuration
Server
Field |
Description |
Mandatory |
|---|---|---|
ip |
A string representation of an IP address or a host name to bind to. Both IPv4 or IPv6 are supported. If the host name is specified the server is bound to both the IPv4 and IPv6 addresses that result from a DNS lookup. |
yes |
port |
A port to bind to. |
yes |
out_stream |
A configuration how to write to ZeroMQ socket. See sink configuration. |
yes |
tls |
TLS settings. See server TLS settings configuration. |
no |
auth |
Authentication settings. See server authentication settings configuration. |
no |
statistics |
Statistics settings. See statistics configuration. |
no |
Client
Field |
Description |
Mandatory |
|---|---|---|
ip |
A string representation of an IP address or a host name to bind to. Both IPv4 or IPv6 are supported. If the host name is specified the server is bound to both the IPv4 and IPv6 addresses that result from a DNS lookup. |
yes |
port |
A port to bind to. |
yes |
url |
Media Gateway server URL. |
yes |
retry_strategy |
A strategy how to retry to send a message to Media Gateway server. The default value is an exponential strategy with the initial delay 1 ms, the maximum delay 1 sec and the multiplier 2. See retry strategy configuration. |
no |
in_stream |
A configuration how to read from ZeroMQ socket. See source configuration. |
yes |
wait_strategy |
A strategy how to wait for data from ZeroMQ socket. The default value is 1 ms sleep strategy. See wait strategy configuration. |
no |
tls |
TLS settings. See client TLS settings configuration. |
no |
auth |
Authentication settings. See client authentication settings configuration. |
no |
statistics |
Statistics settings. See statistics configuration. |
no |
Subconfigurations
Duration
A duration is specified as a composition of a whole number of seconds and a fractional part represented in nanoseconds.
Field |
Description |
Mandatory |
|---|---|---|
secs |
Duration seconds |
yes |
nanos |
Duration nanoseconds |
yes |
Sink
A configuration how to write to ZeroMQ socket.
Field |
Description |
Mandatory |
Default value |
|---|---|---|---|
url |
The URL in Savant ZMQ format. |
yes |
|
send_timeout |
The timeout for sending data. The default value is ok for most cases. See duration configuration. |
no |
|
send_retries |
The number of retries for sending data. The default value is ok for most cases. For unstable or busy recipients the value might be increased. |
no |
|
receive_timeout |
The timeout for receiving data. Valid only for |
no |
|
receive_retries |
The number of retries for receiving data (crucial for req/rep communication). The default value is ok for most cases. For unstable or busy senders the value might be increased. |
yes |
|
send_hwm |
The high-water mark for sending data. This parameter is used to control backpressure. Consult with ZeroMQ documentation for more details. |
no |
|
receive_hwm |
The high-water mark for receiving data. This parameter is used to control backpressure. Consult with ZeroMQ documentation for more details. Change only if you are using req/rep communication. |
no |
|
fix_ipc_permissions |
UNIX file permissions for IPC sockets. |
no |
Source
A configuration how to read from ZeroMQ socket.
Field |
Description |
Mandatory |
|---|---|---|
url |
The URL in Savant ZMQ format. |
yes |
receive_timeout |
The timeout for receiving data. The default value is ok for most cases. See duration configuration. |
yes |
receive_hwm |
The high-water mark for receiving data. This parameter is used to control backpressure. Consult with ZeroMQ documentation for more details. |
yes |
topic_prefix_spec |
The topic prefix specification for receiving data. Possible values are |
yes |
source_cache_size |
The size of the whitelist cache used only when prefix-based filtering is in use. This parameter is used to quickly check if the source ID is in the whitelist or must be checked. |
yes |
fix_ipc_permissions |
UNIX file permissions for IPC sockets. |
no |
inflight_ops |
The maximum number of read messages for non-blocking mode. |
yes |
Retry strategy
Field |
Description |
Mandatory |
|---|---|---|
exponential |
Settings for exponential retry strategy. |
true |
Exponential retry strategy
The strategy executes next attempt after the delay which is calculated for each attempt. The delay for the first attempt is the initial delay. The delay for subsequent attempts is calculated as maximum between multiplication of last attempt delay by the specified multiplier and the maximum delay.
Field |
Description |
Mandatory |
|---|---|---|
initial_delay |
The delay with nanosecond precision for the first attempt. See duration configuration. |
true |
maximum_delay |
The maximum delay with nanosecond precision. See duration configuration. |
true |
multiplier |
A multiplier to calculate the delay for next attempt by multiplying last attempt delay. The minimum value is 2. |
true |
Wait strategy
Yield wait strategy
A strategy that pauses execution using Tokio yield_now. The strategy does not have configuration parameters and is specified as the string yield.
Sleep wait strategy
A strategy that pauses execution using tokio_timerfd sleep for the specified duration with nanosecond precision.
Field |
Description |
Mandatory |
|---|---|---|
sleep |
A duration with nanosecond precision to sleep. See duration configuration. |
true |
Cache
Cache configuration.
Field |
Description |
Mandatory |
|---|---|---|
size |
The maximum number of entries. |
yes |
usage |
Cache usage settings. See below. |
no |
Cache usage
Field |
Description |
Mandatory |
|---|---|---|
period |
A period with millisecond precision to collect data before calculating usage metrics. See duration configuration. |
yes |
evicted_threshold |
A number of cache entries allowed for eviction for the period. |
yes |
Identity
An identity represents a private key and X509 certificate.
Field |
Description |
Mandatory |
|---|---|---|
certificate |
A path to the file with a chain of PEM encoded X509 certificates, the first being the leaf certificate, and the remainder forming the chain of certificates up to and including the trusted root certificate. |
yes |
key |
A path to the file with a PEM encoded private key. |
yes |
Credentials
Credentials represent a username and password.
Field |
Description |
Mandatory |
|---|---|---|
username |
A username. |
yes |
password |
A password. |
yes |
Client TLS settings
TLS settings used by the client to connect to the server.
Field |
Description |
Mandatory |
|---|---|---|
root_certificate |
A path to the file with a PEM encoded X509 certificate against which to verify the server’s TLS certificate. The file might contain a chain of CA certificates, the first being the leaf certificate, and the remainder forming the chain of certificates up to and including the trusted root certificate. For the server with the self-signed certificate the file contains the certificate itself. |
no |
identity |
An identity to be presented to the server for client certificate authentication. See identity configuration. |
no |
Server TLS settings
TLS settings for the server.
Field |
Description |
Mandatory |
|---|---|---|
identity |
An identity to be presented to peers. See identity configuration. |
yes |
peers |
Settings for peer certificate verification. See below. |
no |
Peer certificate verification settings
Field |
Description |
Mandatory |
|---|---|---|
lookup_hash_directory |
A directory with allowed certificates and CRLs. See X509_LOOKUP_hash_dir method for more details. |
yes |
crl_enabled |
|
yes |
Client authentication settings
Authentication settings for the client.
Field |
Description |
Mandatory |
|---|---|---|
basic |
Credentials used to connect to Media Gateway server. See credentials configuration. |
true |
Server authentication settings
Authentication settings for the server.
Field |
Description |
Mandatory |
|---|---|---|
basic |
Settings for HTTP Basic authentication. See below. |
true |
HTTP Basic authentication settings
Field |
Description |
Mandatory |
|---|---|---|
etcd |
etcd configuration. See below. |
true |
cache |
Settings for authentication caching structures. See cache configuration section. |
true |
quarantine |
Settings for authentication quarantine. See below. |
false |
etcd
Field |
Description |
Mandatory |
|---|---|---|
urls |
A list of etcd server endpoints to connect to. |
true |
tls |
TLS options to use while connecting to etcd servers. See client TLS settings configuration. |
false |
credentials |
Credentials for basic authentication in etcd. See credentials configuration. |
false |
path |
The path of the hierarchically organized directories (as in a standard filesystem) for the stored key/value(-s). |
true |
data_format |
The format of the data stored in etcd. Possible values are |
true |
connect_timeout |
A timeout with millisecond precision for each request to etcd. See duration configuration. |
true |
lease_timeout |
A timeout with millisecond precision to hold keys if the etcd server does not receive a keepAlive. See duration configuration. |
true |
cache |
Settings for user data cache. See cache configuration section. |
true |
authentication quarantine
Field |
Description |
Mandatory |
|---|---|---|
failed_attempt_limit |
A number of failed attempts after which a quarantine will start for a user. |
true |
period |
A period to quarantine a user. See duration configuration. |
true |
Statistics
Statistics settings.
Field |
Description |
Mandatory |
|---|---|---|
frame_period |
A number of frames to collect before calculating statistics metrics. |
no* |
timestamp_period |
A period with millisecond precision to collect data before calculating statistics metrics. See duration configuration. |
no* |
* exactly one of frame_period and timestamp_period must be specified.
Environment variables in configuration files
Environment variables can be used in the configuration file. The syntax is ${VAR_NAME:-default_value}. If the environment variable is not set, the default value will be used.
Examples
Examples of configuration files can be found here.