The command line parameters for as-agent allow you to specify configuration parameters that control how the agent functions.
Parameter Description
-metaspace <metaspace_name> Specifies the name of the metaspace that as-agent is to join.
-discovery <url> / <url_list> Specifies the discovery URL to be used to discover the space. The discovery URL format can have the following formats:
● tcp://interface:port;interface2:port2;interface3:port3—Specifies TCP discovery.
● tibpgm://dport/interface;multicast/
key1=value1;key2=value2;key3=value3—specifies TIBCO PGM discovery. This is the default value
For more information on the -discovery parameter, see the documentation for the discovery parameter that is used with the with the as-admin connect command (see connect).
-listen <url> Specifies a listen URL for the as-agent. The default value is TCP.
For more information, see the description of the listen parameter that is used with the with the as-admin connect command (see connect).
-remote_listen <url> Specifies a remote listen URL that is used to contact a remote client and accept incoming remote client connections. The URL format is:
tcp://interface:remote_listen_port
-log (optional) Specifies the path to the log file and the log file name.
If you include the parameter -log <log_file>, then the log filename will be <log_file>-<processid>.log. For example, if you enter -log as, then the log filename is as-<processid>.log.
-log_debug Specifies a debug log level that controls the level of log messages written to the log file, To specify a log level, enter:
-log_debug <LogLevel>
The log levels are as follows:
1 = ERROR_LEVEL 2 = WARNING_LEVEL 3 = INFO_LEVEL
The default is 3 (INFO_LEVEL). The log information is written to the log. If a log file is not specified, then the debug (log level) value is ignored.
-log_limit Specifies the maximum log file size in bytes before rollover. If log file rollover is configured, a new log file is started when the log file limit is reached.
Parameter Description
-log_count Specifies the number of log files that can be created. the default is one log file. If rolling logs are enabled, specifies the maximum number of log files.
-log_append Specifies whether data can be appended to the log file. The default value is true.
-debug <log_level> Specifies a debug log level that controls which level of log messages are written to console. For more details, see
-log_debug. -advisory_level
<advisory_level> Not implemented in the current release.
-member_name
<membername> Specifies a member name for the member. This helps to identify which member name is associated with which member ID. The show members command displays the member name if one has been assigned; otherwise, a default member name is assigned that is constructed from the member ID.
-data_store <directory path> If you are using shared-nothing persistence, specifies the directory where persistence data is stored.
-worker_thread_count <count> Specifies number of threads that can be used for program
invocation. Default is 32, meaning you can have 32 invocations in parallel.
-rx_buffer_size <size> Specifies the TCP buffer size for receiving data. The default value is 2 MB. If an application is using large tuples, this value can be increased accordingly. If the value is smaller than what is needed to receive over the connection, then a dynamic buffer is allocated during the lifetime of the message. It is better to use a large value to avoid a context switch from a dynamic to a static buffer -security_policy <string> If TIBCO ActiveSpaces security is implemented and you are
connecting from a domain security controller node, specify the security_policy parameter and provide the directory path and filename for the policy file. If you specify a policy file, do not specify the security_token parameter.
-security_token <string> Specifies the token file for a security domain requestor that must be authenticated by a security domain controller. If TIBCO ActiveSpaces security is implemented and you are connecting from a requestor node, and the metaspace to which you are connecting requires a token file, specify the security_token parameter and provide the directory path and filename for the token file. If you specify a token file, do not specify the
security_policy parameter.
The following example shows how to start as-agent as a requestor node with security enabled:
java -jar as-agent.jar -metaspace ms -security_token
"exdomain_token.txt"
Remember that LDAP authentication is supported only with Java agents or the Java API.
-authentication_domain
<string> The name of the windows domain to log into. If local/ntlm account (as per the controller), “.” can be used. If not windows, it will be ignored
-authentication_username
<string> The authentication username of the user account.
-authentication_keyfile
<string> The pkcs12 keyfile location of the user to be logged in as (sasl/
external x509 ldap auth) -authentication_password
<string> The authentication password of the user account to be logged in as or the password of the pkcs12 key file if x509 auth is used.
-identity_password <string> The policy's security domain's or the token's identity password if the identity is encrypted
-monitor_system true |false
OR <boolean> The -monitor_system parameter allows you to enable the system monitor on the specified member to start and advertise its performance statistics in its joined metaspace(s) scope.
To start performance monitoring with as-agent or as-admin, start the utility with the -monitor_system parameter set to true, for example:
as-agent -monitor_system true The default value is false. -input <filepath> The -input parameter allows you to pass a file containing Admin
CLI commands as input to as-agent
-admin Runs the as-agent utility and displays a command window which accepts Admin CLI commands.
-member_timeout Specifies the time in milliseconds to wait for a member to reconnect. The default is 30000.
-cluster_suspend_threshold Specifies the lost hosts allowed before membership operations are suspended. By default, it is not suspended.
Parameter Description
-connect_timeout Specifies the time to wait to connect to the metaspace.
-autojoin.role When as-agent is run, it first connects to the metaspace and then joins any new or existing spaces in the metaspace as a seeder for each space. The -autojoin.role option allows you to override that behavior and have the as-agent always join spaces as a leech.
For example, as-agent -autojoin.role leech. This setting is typically used when starting an as-agent that will only act as a proxy for remote clients.
The member name that you specify with the -member_name parameter can be the member name; or, if you are implementing host-aware replication, can specify a member name in the form a.b, where a specifies the name of a region, for example region1, and b specifies the name of a seeder running in that region, in effect, on the same host.
For information on deploying host-aware replication, see Host-Aware Replication.
For more details about discovery and listen URLs, see TIBCO ActiveSpaces Developer’s Guide.
The as-convert utility converts ActiveSpaces shared-nothing files from one format (or one version) to another (usually higher).
The utility does the following:
● If a file name is provided, processes that file and prints out the result.
● If a space name is provided along with the metaspace name, converts all files that belong to that space.
● If a member name is provided along with the space name and metaspace name, converts files for that member only.
● If a metaspace name is provided, the utility does the above for each space that is part of the metaspace.
● If no argument is provided, processes the entire data store — reads each subdirectory and converts all files.
The dry_run option will just touch the files and identify the files that are older than the current version. This option is good for estimating how many files need conversion.
If you are upgrading from release 2.0.x to release 2.1.x or higher, then you must run the as-convert utility to upgrade shared-nothing persistence files to the format for newer releases. The
as-convert.exe file is located in the following directory: AS_HOME/bin
Before you run as-convert, stop all as-agents and seeders. The as-convert utility must be run off-line.
Command Syntax
as-convert -data_store <directory_path> -metaspace <metaspace_name> -space
<space_name>
-member_name <membername> -file <file_name> -compact -dry_run -verbose -log
<log_file> -debug <log_level>
The following table describes the parameters for as-convert. Parameters for as-convert
Parameter Usage
-data_store directory_path specifies the path to the data store to convert.
-metaspace To specify conversion of the data files for all of the spaces defined for a metaspace, specify a metaspace name.
-space To specify conversion of the data files for a specific space within the metaspace, specify the space name with the -space parameter and the metaspace name with the -metaspace parameter.
-member_name To specify conversion of the data files for a specific space member, specify the member name with the -member_name parameter, the space name with the -space parameter, and the metaspace name with the -metaspace
parameter.
Parameter Usage
-file To specify conversion of a specific file, specify the filename with the -file parameter, the data store path with the -data_store parameter, and the metaspace name with the -metaspace parameter.
-compact Deletes any white spaces in converted file. White spaces can be added to the data file as a result of processing Takes, which delete data.
-dry_run To run the utility without actually converting the data store and output informational messages, include the -dry_run parameter.
-help Outputs a summary of the command syntax for as-convert. -verbose Causes output of more information.
-log Specifies the name of a log file to which to write log information
-debug Specifies the log level for messages output by the utility.
ActiveSpaces provides the as-admin utility to configure and administer the security aspect of ActiveSpaces. You can also use the ActiveSpaces API to manage access to secured metaspaces.
Basic Entities Involved in Security
Configuring and maintaining security involves the following elements:
as-admin utility
Sets discovery parameters, generates and maintains security configuration files.
policy files
Specifies security settings across metaspaces, binds metaspaces to security domains.
token files
Define connection parameters to secured metaspaces.
ActiveSpaces API
Sets up and manages access to secured metaspaces.
Main Tasks for Setting Up Security
Table 36, Tasks for Setting Up Security lists the main tasks for setting up ActiveSpaces security.
Tasks for Setting Up Security
Task See
Create a Policy
File Creating a Security Policy File
Edit the Policy
file Edit a Security Policy File
Set up Data
Encryption TIBCO ActiveSpaces allows you to specify encryption of tuple data for fields that have been defined as secure data fields.
Data encryption is set up in the policy file for each domain and by using the TIBCO ActiveSpaces security API functions.
For detailed information on implementing data encryption, see TIBCO ActiveSpaces Developer’s Guide.
Validate the Security Policy file
Validating a Security Policy File
Create a
Security Token Creating a Security Token Validate a
Security Token Validating a Security Token File
Task See Set up
Authorization If you want to provide granular authorization, ActiveSpaces allows you to use using Access Control Lists (ACLs) to set up authorization scopes, rights, and privileges.
For information on setting up authorization, see TIBCO ActiveSpaces Developer’s Guide.
You can start a security domain requestor with a token file, if you have deployed token files for your security installation, or you can start a requestor without a token file if you have implemented security without a token file.
You can start the domain requestor without specifying a security token filename.
For example:
connect name "ms" discovery "tcp://127.0.0.1:50000" listen "tcp://
127.0.0.2:50000" security_token "none"
To start security domain requestor with a token file see Starting a Security Domain Requestor with a Token File.