...
The order of the elements in the configuration file is important. Properties are required or optional.
Required Node Configuration Properties | Description | Default |
<version> | Describes the human-readable version of SPIN on which this node is running. |
|
<nodeName> | Describes the human-readable node nam |
|
Optional elements | If these elements are omitted, the defaults apply. | Default: |
---|---|---|
<isAuthenticator> | Can this node authenticate users? | False |
<isBroadcaster> | Should this node propagate the queries it receives to other nodes. | True |
<isAggregator> | Identifies if this node should aggregate responses from other nodes. | False, if the node is not the root of a heierarchy, otherwise true. |
<isQueryable> | Identifies if this node should respond to queries. | True. Set to false if the node should only broadcast queries and aggregate results, for example. |
<identityServiceClass> | Identifies the fully-qualified name of the JVM class used to authenticate users based on credentials. Only required if <isAuthenticator> is true. The supplied class, if present, must implement org.spin.query.message.identity.IdentityService. | Null |
<queries> | dentifies the queries, other than the basic queries, to which nodes respond. Each maps a queryType string to the fully-qualified name of a JVM class that implements that query. For each <queries> element, the <queryType> and <className> sub-elements are required. May be present zero or more times. | no additional queries |
<certificationTTL> | When clients query a SPIN network, the queries must be digitally signed. Nodes examine queries when they are received and respond only if the digital signature is valid and not expired. The <certificationTTL> element describes, in milliseconds, how old a signature can be before being considered invalid due to expiration. | 3600000, or one hour) |
<cacheTTL> | In some circumstances, SPIN caches the results of queries to allow clients to retrieve them at a later time. However, results that are unclaimed after some period are purged automatically. Specified, in milliseconds, by the <cacheTTL> element. | 3600000, or one hour |
...
Required Elements | Description | Default Value |
---|---|---|
<File> | The file containing the keystore---<file>/opt/spin/main/conf/spin.keystore</file>Path, either absolute or relative, to the keystore file containing cryptographic certificates. |
|
<Password> | Password for the file referenced by the <file> element.<password>spinkeystore</password> |
|
Optional elements | The alias of the node's public/private keypair is optional. If no keyAlias is specified but a single public/private keypair exists, the alias of the keypair is used. |
|
<keyAlias> | Identifies the alias of the certificate containing this node's private key. If more than one public/private keypair is contained in the referenced keystore, this element can be used to choose one. If only one public/private keypair exists in the referenced keystore, Spin choses that keypair, and this element is optional. | Null. Node tries to detect the public/private keypair. |
<caPublicKeyAlias> | May be present 0 or more times. The aliases of the public keys of certificate authorities that this node trusts. If a node trusts a particular certificate authority by importing the CA's public cert into the node's keystore and referencing it with the <caPublicKeyAlias> element, the node will implicitly trust all queriers for which the CA vouches. | Null. No CAs are trusted. |
<attachCertificateToSignature> | Relevant only if a <caPublicKeyAlias> element (or elements) is present. If set to true, then the public cert of the CA that vouched for a querier is attached to outbound queries. | False |
<setSystemProperties> | Work around some failures with establishing SSL connections by modifying JVM-wide settings. Set to true as a last resort when troubleshooting SSL/HTTPS communication. This element is deprecated and will likely go away in a future release of SPIN. | False |
<keystoreType> | The format of the referenced keystore file; See org.spin.tools.config.KeyStoreType for allowed values (currently 'JKS' and 'PKCS12') | JKS (Default) or PKCS12. |
...