You use the gemfire.properties settings to join a distributed system and configure system member behavior. Distributed system members include applications, the cacheserver, the locator, and other GemFire processes.
You can place security-related (properties that begin with security-*) configuration properties that are normally configured in gemfire.properties in a separate gfsecurity.properties file. Placing these configuration settings in a separate file allows you to restrict access to security configuration data. This way, you can still allow read or write access for your gemfire.properties file.
You can specify non-ASCII text in your properties files by using Unicode escape sequences. See Using Non-ASCII Strings in vFabric GemFire Property Files for more details.
| Setting | Definition | Default |
|---|---|---|
| ack-severe-alert-threshold | Number of seconds the distributed system will wait after the ack-wait-threshold for a message to be acknowledged before it issues an alert at severe level. A value of zero disables this feature. | 0 |
| ack-wait-threshold | Number of seconds a distributed message can wait for
acknowledgment before it sends an alert to signal that something might be wrong
with the system member that is unresponsive.
The waiter continues to wait. The alerts are logged in the system member’s log as warnings. Valid values are in the range 0...2147483647 |
15 |
| archive-disk-space-limit | Maximum size (in megabytes) of all inactive statistic archive files combined. If this limit is exceeded, inactive archive files are deleted, oldest first, until the total size is within the limit. If set to zero, disk space use is unlimited. | 0 |
| archive-file-size-limit | The maximum size (in megabytes) of a single statistic archive file. Once this limit is exceeded, a new statistic archive file is created, and the current archive file becomes inactive. If set to zero, file size is unlimited. | 0 |
| async-distribution-timeout | The number of milliseconds a process that is publishing to
this process should attempt to distribute a cache operation before switching
over to asynchronous messaging for this process. The switch to asynchronous
messaging lasts until this process catches up, departs, or some specified limit
is reached, such as async-queue-timeout or async-max-queue-size.
To enable asynchronous messaging, the value must be set
above zero. Valid values are in the range 0...60000.
Note: This setting controls only peer-to-peer communication
and does not apply to client/server or multi-site communication.
|
0 |
| async-max-queue-size | Affects non-conflated asynchronous queues for members that
publish to this member. This is the maximum size the queue can reach (in
megabytes) before the publisher asks this member to leave the distributed
system.
Valid values are in the range 0..1024.
Note: This setting controls only peer-to-peer communication
and does not apply to client/server or multi-site communication.
|
8 |
| async-queue-timeout | Affects asynchronous queues for members that publish to
this member. This is the maximum milliseconds the publisher should wait with no
distribution to this member before it asks this member to leave the distributed
system. Used for handling slow receivers.
Note: This setting controls only peer-to-peer communication and
does not apply to client/server or multi-site communication.
|
60000 |
| bind-address | Relevant only for multi-homed hosts - machines with
multiple network interface cards. Specifies the adapter card the cache binds to
for peer-to-peer communication. Also specifies the default location for
GemFire
servers to listen on, which is used unless overridden by the
server-bind-address. An empty string causes
the member to listen on the default card for the machine. This is a
machine-wide attribute used for system member and client/server communication.
It has no effect on locator location, unless the locator is embedded in a
member process.
Specify the IP address, not the hostname, because each network card may not have a unique hostname. An empty string (the default) causes the member to listen on the default card for the machine. |
not set |
| cache-xml-file | Declarative initialization file for the member's cache. | cache.xml |
| conflate-events | Used only by clients in a client/server installation. This is a client-side property that is passed to the server. Affects subscription queue conflation in this client's servers. Specifies whether to conflate (true setting), not conflate (false), or to use the server's conflation setting (server). | server |
| conserve-sockets | Specifies whether sockets are shared by the system member’s threads. If true, threads share, and a minimum number of sockets are used to connect to the distributed system. If false, every application thread has its own sockets for distribution purposes. You can override this setting for individual threads inside your application. Where possible, it is better to set conserve-sockets to true and enable the use of specific extra sockets in the application code if needed. | true |
| delta-propagation | Specifies whether to distribute the deltas for entry updates, instead of the full values, between clients and servers and between peers. | true |
| disable-tcp | Boolean indicating whether to disable the use of TCP/IP sockets for inter-cache point-to-point messaging. If disabled, the cache uses datagram (UDP) sockets. | false |
| distributed-system-id | Identifier used to distinguish messages from different distributed systems. Set this to different values for different systems in a multi-site (WAN) configuration. This is required for Portable Data eXchange (PDX) data serialization. This setting must be the same for every member in the same distributed system and unique to the distributed system within the WAN installation. -1 means no setting. Valid values are integers in the range -1...255. | -1 |
| durable-client-id | Used only for clients in a client/server installation. If set, this indicates that the client is durable and identifies the client. The ID is used by servers to reestablish any messaging that was interrupted by client downtime. | not set |
| durable-client-timeout | Used only for clients in a client/server installation. Number of seconds this client can remain disconnected from its server and have the server continue to accumulate durable events for it. | 300 |
| enable-network-partition-detection | Boolean instructing the system to detect and handle splits in the distributed system, typically caused by a partitioning of the network (split brain) where the distributed system is running. | false |
| enable-time-statistics | Boolean instructing the system to track time-based statistics for the distributed system and caching. Disabled by default for performance. | false |
| enforce-unique-host | Whether partitioned regions will put redundant copies of the same data in different members running on the same physical machine. By default, GemFire tries to put redundant copies on different machines, but it will put them on the same machine if no other machines are available. Setting this property to true prevents this and requires different machines for redundant copies. | false |
| license-application-cache | Specifies the serial number this distributed system member will use unless a license-data-management serial number is also specified. This distributed member will attempt to activate a GemFire Application Cache Node license which allows it to be a peer-to-peer application cache node. If a license-data-management serial number is also provided, then the license-application-cache serial number may be specified as the license for cache clients connecting to this node. The keyword "dynamic" may be used to specify that the member will attempt to acquire a license from either a vFabric serial number file or a vFabric License Server. | not set |
| license-data-management | Specifies the serial number(s) this distributed system member will use. This distributed member will attempt to activate a GemFire Data Management Node license which allows it to provide advanced data management services. This includes hosting a cache server to which cache clients may connect. If you have serial numbers for the Unlimited Client Upgrade or Global WAN Upgrade, then list them after the serial number for Data Management Node separating each with a comma. If you do not have the Unlimited Client Upgrade, then you should also use license-application-cache to specify the serial number for the cache clients that will connect to this cache server. The keyword "dynamic" may be used to specify that the member will attempt to acquire a license from either a vFabric serial number file or a vFabric License Server. | not set |
| license-server-timeout | Specifies the maximum number of milliseconds
to wait for a license from a vFabric License Server when attempting to
dynamically acquire a license. This timeout is observed when using the keyword
"dynamic" for either of the licensing properties
license-data-management or
license-application-cache.
Valid values are in the range of 1000...3600000 |
10000 |
| license-working-dir | The writable directory where this member persists runtime information about licensing. Keep this directory the same between runs for each member so the member application can read what it persisted on the last run. | member's current working directory as determined by System.getProperty("user.dir") |
| locators |
The list of locators used by system members. The list must be configured consistently for every member of the distributed system. If the list is empty, locators are not used. For each locator, provide a host name and/or address
(separated by ‘@’, if you use both), followed by a port number in brackets.
Examples:
locators=address1[port1],address2[port2] locators=hostName1@address1[port1],hostName2@address2[port2] locators=hostName1[port1],hostName2[port2] Note: On multi-homed hosts, this last notation will use the
default address. If you use bind addresses for your locators, explicitly
specify the addresses in the locators list—do not use just the hostname.
|
not set |
| log-disk-space-limit | Maximum size in megabytes of all inactive log files combined. If this limit is exceeded, inactive log files are deleted, oldest first, until the total size is within the limit. If set to zero, disk space use is unlimited. | 0 |
| log-file | File to which a running system member writes log messages. If set to null, the default is used. | null |
| log-file-size-limit | Maximum size in megabytes of a log file before it is closed and logging rolls on to a new (child) log file. If set to 0, log rolling is disabled. | 0 |
| log-level | Level of detail of the messages written to the system
member’s log. Setting log-level to one of the ordered levels causes all
messages of that level and greater severity to be printed.
Valid values from lowest to highest are fine, config, info, warning, error, severe, and none. |
config |
| max-num-reconnect-tries | Used when a cache region's membership attributes specify to disconnect from the distributed system and reconnect in an attempt to regain lost membership roles. Maximum number of times to try to reconnect to the distributed system when membership roles are missing. | 3 |
| max-wait-time-reconnect | Used when a cache region's membership attributes specify to disconnect from the distributed system and reconnect in an attempt to regain lost membership roles. Maximum number of milliseconds to wait for the distributed system to reconnect on each reconnect attempt. | 10000 |
| Address used to discover other members of the distributed
system. Only used if mcast-port is non-zero. This attribute must be consistent
across the distributed system.
Note: Select different multicast addresses and different ports
for different distributed systems. Do not just use different addresses. Some
operating systems may not keep communication separate between systems that use
unique addresses but the same port number.
This default multicast address was assigned by IANA ( http://www.iana.org/assignments/multicast-addresses ). Consult the IANA chart when selecting another multicast address to use with GemFire. Note: This setting controls only peer-to-peer communication and
does not apply to client/server or multi-site communication. If multicast is
enabled, distributed regions use it for most communication. Partitioned regions
only use multicast for a few purposes, and mainly use either TCP or UDP
unicast.
|
239.192.81.1 for IPv4 (the default IP version)
FF38::1234 for IPv6 |
|
| mcast-flow-control | Tuning property for flow-of-control protocol for unicast
and multicast no-ack UDP messaging. Compound property made up of three settings
separated by commas: byteAllowance, rechargeThreshold, and rechargeBlockMs.
Valid values range from these minimums: 10000,0.1,500 to
these maximums: no_maximum ,0.5,60000.
Note: This setting controls only peer-to-peer communication,
generally between distributed regions.
|
1048576,0.25, 5000 |
| Port used, along with the mcast-address, for multicast
communication with other members of the distributed system. If zero, multicast
is disabled for member discovery and distribution.
Note: Select different multicast addresses and ports for
different distributed systems. Do not just use different addresses. Some
operating systems may not keep communication separate between systems that use
unique addresses but the same port number.
Valid values are in the range 0..65535. Note: This setting controls only peer-to-peer communication
and does not apply to client/server or multi-site communication.
|
10334 | |
| mcast-recv-buffer-size | Size of the socket buffer used for incoming multicast
transmissions. You should set this high if there will be high volumes of
messages.
Valid values are in the range 2048.. OS_maximum. Note: The default setting is higher than the default OS maximum
buffer size on Unix, which should be increased to at least 1 megabyte to
provide high-volume messaging on Unix systems.
Note: This setting controls only peer-to-peer communication and
does not apply to client/server or multi-site communication.
|
1048576 |
| mcast-send-buffer-size | The size of the socket buffer used for outgoing multicast
transmissions.
Valid values are in the range 2048.. OS_maximum.
Note: This setting controls only peer-to-peer communication
and does not apply to client/server or multi-site communication.
|
65535 |
| mcast-ttl | How far multicast messaging goes in your network. Lower
settings may improve system performance. A setting of 0 constrains multicast
messaging to the machine.
Note: This setting controls only peer-to-peer communication and
does not apply to client/server or multi-site communication.
|
32 |
| member-timeout | GemFire
uses the
member-timeout server configuration, specified
in milliseconds, to detect the abnormal termination of members. The
configuration setting is used in two ways: 1) First it is used during the UDP
heartbeat detection process. When a member detects that a heartbeat datagram is
missing from the member that it is monitoring after the time interval of 2 *
the value of
member-timeout, the detecting member attempts
to form a TCP/IP stream-socket connection with the monitored member as
described in the next case. 2) The property is then used again during the
TCP/IP stream-socket connection. If the suspected process does not respond to
the
are you alive datagram within the time period specified
in
member-timeout, the membership coordinator
sends out a new membership view that notes the member's failure.
Valid values are in the range 1000..600000. |
5000 |
| The range of ports available for unicast UDP messaging and
for TCP failure detection. This is specified as two integers separated by a
minus sign. Different members can use different ranges.
GemFire randomly chooses two unique integers from this range for the member, one for UDP unicast messaging and the other for TCP failure detection messaging. Additionally, the system uniquely identifies the member using the combined host IP address and UDP port number. You may want to restrict the range of ports that GemFire uses so the product can run in an environment where routers only allow traffic on certain ports. |
1024-65535 | |
| name | Symbolic name used to identify this system member. | not set |
| redundancy-zone | Defines this member's redundancy zone. Used to separate member's into different groups for satisfying partitioned region redundancy. If this property is set, GemFire will not put redundant copies of data in members with the same redundancy zone setting. | not set |
| remove-unresponsive-client | When this property is set to true, the primary server drops unresponsive clients from all secondaries and itself. Clients are deemed unresponsive when their messaging queues become full on the server. While a client's queue is full, puts that would add to the queue block on the server. | false |
| roles | Comma-delimited list of strings specifying the membership roles that this member performs in the distributed system. | not set |
| security-* | Used for authentication. Any custom properties needed by
your
AuthInitialize or
Authenticator callbacks.
Note: Any security-related (properties that begin with
security-*) configuration properties that
are normally configured in
gemfire.properties can be moved to a
separate
gfsecurity.properties file. Placing these
configuration settings in a separate file allows you to restrict access to
security configuration data. This way, you can still allow read or write access
for your
gemfire.properties file.
|
not set |
| security-client-accessor | Used for authorization. Static creation method returning an AccessControl object, which determines authorization of client-server cache operations. This specifies the callback that should be invoked in the pre-operation phase, which is when the request for the operation is received from the client. | not set |
| security-client-accessor-pp | Used for authorization. The callback that should be invoked in the post-operation phase, which is when the operation has completed on the server but before the result is sent to the client. The post-operation callback is also invoked for the updates that are sent from server to client through the notification channel. | not set |
| security-client-auth-init | Used for authentication. Static creation method returning an AuthInitialize object, which obtains credentials for peers in a distributed system. The obtained credentials should be acceptable to the Authenticator specified through the security-peer-authenticator property on the peers. | not set |
| security-client-authenticator | Used for authentication. Static creation method returning an Authenticator object, which is used by a peer to verify the credentials of the connecting peer. | not set |
| security-client-dhalgo | Used for authentication. For secure transmission of sensitive credentials like passwords, you can encrypt the credentials using the Diffie-Hellman key exchange algorithm. Do this by setting the security-client-dhalgo system property on the clients to the name of a valid symmetric key cipher supported by the JDK. | not set |
| security-log-file | Used with authentication. The log file for security log messages. If not specified, the member's regular log file is used. | not set |
| security-log-level | Used with authentication. Logging level detail for
security log messages.
Valid values from lowest to highest are fine, config, info, warning, error, severe, and none. |
config |
| security-peer-auth-init | Used with authentication. Static creation method returning an AuthInitialize object, which obtains credentials for peers in a distributed system. The obtained credentials should be acceptable to the Authenticator specified through the security-peer-authenticator property on the peers. | not set |
| security-peer-authenticator | Used with authentication. Static creation method returning an Authenticator object, which is used by a peer to verify the credentials of the connecting peer. | not set |
| security-peer-verifymember-timeout | Used with authentication. Timeout in milliseconds used by a peer to verify membership of an unknown authenticated peer requesting a secure connection. | 1000 |
| server-bind-address | Relevant only for multi-homed hosts - machines with
multiple network interface cards. Network adapter card a
GemFire
server binds to for client/server communication. You can use this to separate
the server’s client/server communication from its peer-to-peer communication,
spreading the traffic load.
This is a machine-wide attribute used for communication with clients in client/server and multi-site installations. This setting has no effect on locator configuration. Specify the IP address, not the hostname, because each network card may not have a unique hostname. An empty string causes the servers to listen on the same card used for peer-to-peer communication. This is either the bind-address or, if that is not set, the machine’s default card. |
not set |
| socket-buffer-size | Receive buffer sizes in bytes of the TCP/IP connections used for data transmission. To minimize the buffer size allocation needed for distributing large, serializable messages, the messages are sent in chunks. This setting determines the size of the chunks. Larger buffers can handle large messages more quickly, but take up more memory. | 32768 |
| socket-lease-time | Time, in milliseconds, a thread can have exclusive access
to a socket it is not actively using. A value of zero causes socket leases to
never expire. This property is ignored if conserve-sockets is true.
Valid values are in the range 0..600000. |
60000 |
| ssl-ciphers | Used for SSL security. A space-separated list of the valid SSL ciphers for this connection. A setting of 'any' uses any ciphers that are enabled by default in the configured JSSE provider. | any |
| ssl-enabled | Used for SSL security. Boolean indicating whether to use SSL for member communications. A true setting requires the use of locators. This attribute must be consistent across the distributed system. | false |
| ssl-protocols | Used for SSL security. A space-separated list of the valid SSL protocols for this connection. A setting of 'any' uses any protocol that is enabled by default in the configured JSSE provider. | any |
| ssl-require-authentication | Used for SSL security. Boolean indicating whether to require authentication for member communication. | true |
| start-locator | If set, automatically starts a locator in the current
process when the member connects to the distributed system and stops the
locator when the member disconnects.
To use, specify the locator with an optional address or host
specification and a required port number, in one of these formats:
If not already there, this locator is automatically added
to the list of locators in this set of
gemfire properties.
start-locator=address[port1] start-locator=port1If you only specify the port, the address assigned to the member is used for the locator. |
not set |
| statistic-archive-file | The file to which the running system member writes statistic samples. An empty string disables archiving. Adding .gz suffix to the file name causes it to be compressed. | not set |
| statistic-sample-rate | How often to sample statistics, in milliseconds.
Valid values are in the range 100..60000. |
1000 |
| statistic-sampling-enabled | Whether to collect and archive statistics on the member.
Turning statistics sampling off saves on resources, but it also takes away potentially valuable information for ongoing system tuning and about unexpected system problems. Note: This setting does not apply to partitioned regions, where
statistics are always enabled.
|
false |
| The TCP port to listen on for cache communications. If set
to zero, the operating system selects an available port. Each process on a
machine must have its own TCP port. Note that some operating systems restrict
the range of ports usable by non-privileged users, and using restricted port
numbers can cause runtime errors in
GemFire
startup.
Valid values are in the range 0..65535. |
0 | |
| udp-fragment-size | Maximum fragment size, in bytes, for transmission over UDP
unicast or multicast sockets. Smaller messages are combined, if possible, for
transmission up to the fragment size setting.
Valid values are in the range 1000..60000. |
60000 |
| udp-recv-buffer-size | The size of the socket buffer used for incoming UDP
point-to-point transmissions. If disable-tcp is false, a reduced buffer size of
65535 is used by default.
The default setting of 1048576 is higher than the default OS maximum buffer size on Unix, which should be increased to at least 1 megabyte to provide high-volume messaging on Unix systems. Valid values are in the range 2048.. OS_maximum. |
1048576 |
| udp-send-buffer-size | The size of the socket buffer used for outgoing UDP
point-to-point transmissions.
Valid values are in the range 2048..OS_maximum. |
65535 |
| writable-working-dir | The writable directory where this member should persist
runtime information about licensing. Keep this directory the same between runs
for each member so the member application can read what it persisted on the
last run.
Note: This property is deprecated as of 6.6.1. Use
license-working-dir instead.
|
member's current working directory as determined by System.getProperty("user.dir") |