2.6.2 Container Properties

This section describes properties that are typically set on a container level and applicable to the Platform, EC/ECSAs and SCs.


PropertyDescription
mz.httpd.security

Default value: ""

This property enables HTTP communication protected by TLS (i e HTTPS).

mz.httpd.security.keystore

Default value: ""

This property specifies the path to the keystore that is used for HTTP/TLS.

mz.httpd.security.keystore.password

Default value: ""

This property must contain the password to the keystore specified in mz.httpd.security.keystore.

mz.httpd.security.key.alias

Default value: ""

This property specifies which of the keys in the keystore that should used for HTTP/TLS (if there are more than one). HTTP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used.

mz.httpd.security.key.password

Default value: ""

This property must contain the password to the key to the key that is used for HTTP/TLS. By default (in keytool), this is the same as the keystore password.

pico.rcp.server.bind_interfaces

Default value: ""

When you set the property pico.rcp.server.host, pico instances will only bind to the interface associated with that IP address.

Due to the network configuration, it may be required by pico instances to bind to additional interfaces. You can specify these by specifying a comma-separated list of IP address or hostnames in the property pico.rcp.server.bind_interfaces. It is also possible to set this property to the value ALL to ensure that the pico instances will bind to all interfaces, even though pico.rcp.server.host has been set.

If you have not set pico.rcp.server.host, the property pico.rcp.server.bind_interfaces will have no effect.

Example - Using pico.rcp.server.bind_interfaces

An EC named ec1 has one external and one internal IP address.

Other ECs will have to use the hostname ec1host to be able to connect. The name ec1host maps to either the external or internal IP address depending on the client location in the network.

To ensure that all connection attempts will use the hostname, you set the property pico.rcp.server.host to ec1host. This will then cause the ec1 to only bind to ec1host which will map to the internal IP address, since this is the local context.

If an other EC on the external network, ec2 in this example, tries to connect to ec1, it will use the hostname ec1host which maps to the external IP. This will fail.

To ensure connectivity you need to set pico.rcp.server.bind_interfaces to the external IP address or ALL to ensure that the incoming connection attempt from ec2 will succeed.

pico.rcp.server.host

Default value: ""

This property specifies the IP address or hostname of the pico instances. It will be used to determine the interface that the pico instances must bind to and the IP address/hostname that will be used by connecting processes.

When you enter the hostname as the value of this property, if a failover occurs, the hostname is retrieved from the DNS enabling reconnection. If you enter the IP address as the value of this property, if it is a static IP address, reconnection issues may occur if the IP address changes.

When the value of this property is left blank, the pico instance will bind to all IP addresses of the host. This means that the pico will listen for inbound network traffic on all network interfaces, and may attempt to use any local IP address for outbound network traffic.

Note!

If there is more than one IP address for the host, this property has to be set with the correct IP address. Make sure to set the property if you use IPv6, or if a high availability environment is configured. For information about high availability, see 2.6.6 High Availability Properties.

Note!

When pico.rcp.server.host is set in the Platform Container, the value must be identical to pico.rcp.platform.host.

pico.rcp.tls.keystore

Default value: ""

This property specifies the path to a keystore and enables the system to use TLS for all RCP connections that are not from the local host. If this property is not set, TLS will not be used.

pico.rcp.tls.keystore.alias

Default value: ""

This property specifies which of the keys in the keystore that should used for RCP/TLS (if there are more than one). RCP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used.

pico.rcp.tls.keystore.password

Default value: ""

This property must contain the password to the keystore specified in pico.rcp.tls.keystore.

pico.rcp.tls.key.password

Default value: ""

This property must contain the password to the key that is used for RCP/TLS. By default (in keytool), this is the same as the keystore password.

pico.rcp.tls.require_clientauth

Default value: false

This property specifies if client authentication is required when these are not running on the local host.                            

pico.tmpdir

Default value: MZ_HOME/tmp

This property specifies the temp directory you want to use for your picos.

pico.upgrade_history 

Default value: ${mz.home}/upgrade_history

This property specifies the directory where the new and old versions of packages are patched into the system are stored.

rest.client.max.chunk.size

Default value: "8m"

This property specifies the maximum chunk size of the HTTP response that the REST Client agent should receive from the server. The agent will reject data with sizes that are larger than the value defined by this property.

You can also set this property on the pico level, where the value is only applied to the defined EC. You can refer to 2.6.3 Execution Context Properties for more information.

rest.client.max.content.length

Default value: "64m"

This property specifies the maximum length of the HTTP content received by the REST Client agent. The agent will reject content that is longer than the specified value defined by this property. Although it is also possible to set the value of this property to infinite, there will be a possibility where the EC will crash from an out of memory error. So do consider setting the memory size of the EC to be higher than the expected size of the HTTP content that the agent will be receiving.

You can also set this property on the pico level, where the value is only applied to the defined EC. You can refer to 2.6.3 Execution Context Properties for more information.