Broker configuration file
The broker configuration file (/etc/dcv-session-manager-broker/session-manager-broker.properties) includes parameters that can be configured to customize the Session Manager functionality. You can edit the configuration file using your preferred text editor.
Note
The /etc/dcv-session-manager-broker/session-manager-broker.properties file contains sensitive data. By default, its write access is restricted to root and its read access is restricted to root and to the user running the broker. By default, this is the dcvsmbroker user. The broker checks at startup that the file has the expected permissions.
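The access model in the note above can also be checked outside the broker, for example from configuration management, to catch permission drift before a restart fails. The following is an added example, not the broker's own startup check; it assumes the broker user reads the file through its primary group, which this page does not state.

```python
import os
import pwd
import stat
import sys

BROKER_CONF = "/etc/dcv-session-manager-broker/session-manager-broker.properties"

def permission_findings(uid, gid, mode, broker_gid):
    """Return deviations from the documented model: root writes, root and broker read."""
    findings = []
    if not stat.S_ISREG(mode):
        findings.append("not a regular file")
    if uid != 0:
        findings.append(f"owner uid is {uid}, expected root (0)")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("readable or executable by others")
    # Assumption: group read is how the broker user gets access to the file.
    if mode & stat.S_IRGRP and gid not in (0, broker_gid):
        findings.append(f"group-readable by gid {gid}, which is not the broker's group")
    return findings

def audit_file(path, broker_user="dcvsmbroker"):
    st = os.lstat(path)  # lstat: a symlink is reported instead of being followed
    broker_gid = pwd.getpwnam(broker_user).pw_gid
    return permission_findings(st.st_uid, st.st_gid, st.st_mode, broker_gid)

if __name__ == "__main__":
    try:
        problems = audit_file(BROKER_CONF)
    except (FileNotFoundError, KeyError) as exc:
        sys.exit(f"cannot audit {BROKER_CONF}: {exc}")
    print("\n".join(problems) or "permissions match the documented model")
    sys.exit(1 if problems else 0)
```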
The following table lists the parameters in the broker configuration file.
Parameter name | Required | Default value | Description |
---|---|---|---|
broker-java-home | No | | Specifies the path to the Java home directory that the broker uses instead of the system default. If set, the broker uses <broker-java-home>/bin/java at startup. Tip: the broker requires Java Runtime Environment 11, which is installed as a dependency, if missing, upon successful installation. If version 11 is not set as the default Java environment, its home directory can be found using the following command: |
session-screenshot-max-width | No | 160 | Specifies the maximum width, in pixels, of session screenshots taken using the GetSessionScreenshots API. |
session-screenshot-max-height | No | 100 | Specifies the maximum height, in pixels, of session screenshots taken using the GetSessionScreenshots API. |
session-screenshot-format | No | png | The image file format of session screenshots taken using the GetSessionScreenshots API. |
create-sessions-queue-max-size | No | 1000 | The maximum number of unfulfilled CreateSessions API requests that can be queued. When the queue is full, new unfulfilled requests are rejected. |
create-sessions-queue-max-time-seconds | No | 1800 | The maximum amount of time, in seconds, that an unfulfilled CreateSessions API request can remain in the queue. If the request cannot be fulfilled within the specified amount of time, it fails. |
session-manager-working-path | Yes | /tmp | Specifies the path to the directory where the broker writes the files needed to operate. This directory must be accessible only to the broker. |
enable-authorization-server | Yes | true | Specifies whether the broker is the authentication server used to generate OAuth 2.0 access tokens for client APIs. |
enable-authorization | Yes | true | Enables or disables client authorization. If you enable client authorization, the client API must provide an access token when making API requests. If you disable client authorization, client APIs can make requests without access tokens. |
enable-agent-authorization | Yes | true | Enables or disables agent authorization. If you enable agent authorization, the agent must provide an access token when communicating with the broker. |
delete-session-duration-hours | No | 1 | Specifies the number of hours after which deleted sessions become invisible and are no longer returned by DescribeSession API calls. |
connect-session-token-duration-minutes | No | 60 | Specifies the number of minutes for which the ConnectSession token remains valid. |
client-to-broker-connector-https-port | Yes | 8443 | Specifies the HTTPS port where the broker listens for client connections. |
client-to-broker-connector-bind-host | No | 0.0.0.0 | Specifies the IP address of the host where the broker binds for client connections. |
client-to-broker-connector-key-store-file | Yes | | Specifies the key store used for TLS client connections. |
client-to-broker-connector-key-store-pass | Yes | | Specifies the key store pass. |
agent-to-broker-connector-https-port | Yes | 8445 | Specifies the HTTPS port where the broker listens for agent connections. |
agent-to-broker-connector-bind-host | No | 0.0.0.0 | Specifies the IP address of the host where the broker binds for agent connections. |
agent-to-broker-connector-key-store-file | Yes | | Specifies the key store used for TLS agent connections. |
agent-to-broker-connector-key-store-pass | Yes | | Specifies the key store pass. |
broker-to-broker-port | Yes | 47100 | Specifies the port used for broker-to-broker connections. |
broker-to-broker-bind-host | No | 0.0.0.0 | Specifies the IP address of the host where the broker binds for broker-to-broker connections. |
broker-to-broker-discovery-port | Yes | 47500 | Specifies the port used by brokers to discover each other. |
broker-to-broker-discovery-addresses | No | | Specifies the IP addresses and ports of the other brokers in the fleet in the ip_address:port format. If there are multiple brokers, separate the values with a comma. If you specify broker-to-broker-discovery-multicast-group, broker-to-broker-discovery-multicast-port, broker-to-broker-discovery-aws-region, or broker-to-broker-discovery-aws-alb-target-group-arn, omit this parameter. |
broker-to-broker-discovery-multicast-group | No | | Specifies the multicast group for broker-to-broker discovery. If you specify broker-to-broker-discovery-addresses, broker-to-broker-discovery-aws-region, or broker-to-broker-discovery-aws-alb-target-group-arn, omit this parameter. |
broker-to-broker-discovery-multicast-port | No | | Specifies the multicast port for broker-to-broker discovery. If you specify broker-to-broker-discovery-addresses, broker-to-broker-discovery-aws-region, or broker-to-broker-discovery-aws-alb-target-group-arn, omit this parameter. |
broker-to-broker-discovery-aws-region | No | | Specifies the Amazon Region of the application load balancer used for broker-to-broker discovery. If you specify broker-to-broker-discovery-multicast-group, broker-to-broker-discovery-multicast-port, or broker-to-broker-discovery-addresses, omit this parameter. |
broker-to-broker-discovery-aws-alb-target-group-arn | No | | The ARN of the application load balancer target group used for broker-to-broker discovery. If you specify broker-to-broker-discovery-multicast-group, broker-to-broker-discovery-multicast-port, or broker-to-broker-discovery-addresses, omit this parameter. |
broker-to-broker-distributed-memory-max-size-mb | No | 4096 | Specifies the maximum amount of off-heap memory to be used by a single broker to store Amazon DCV session data. |
broker-to-broker-key-store-file | Yes | | Specifies the key store used for TLS broker connections. |
broker-to-broker-key-store-pass | Yes | | Specifies the key store pass. |
enable-cloud-watch-metrics | No | false | Enables or disables Amazon CloudWatch metrics. If you enable CloudWatch Metrics, you might need to specify a value for cloud-watch-region. |
cloud-watch-region | No | Only required if enable-cloud-watch-metrics is set to true. If the broker is installed on an Amazon EC2 instance, the region is retrieved from the IMDS. | The Amazon region where the CloudWatch metrics are posted. |
max-api-requests-per-second | No | 1000 | Specifies the maximum number of requests that the broker API can process each second before being throttled. |
enable-throttling-forwarded-for-header | No | false | If set to true, the throttling retrieves the caller IP from the X-Forwarded-For header, if present. |
create-sessions-number-of-retries-on-failure | No | 2 | Specifies the maximum number of retries to be performed after a create session request fails on an Amazon DCV server host. Set to 0 to never perform retries on failures. |
autorun-file-arguments-max-size | No | 50 | Specifies the maximum number of arguments that can be passed to the autorun file. |
autorun-file-arguments-max-argument-length | No | 150 | Specifies the maximum length, in characters, of each autorun file argument. |
enable-persistence | Yes | false | If set to true, the broker status data is persisted on an external database. |
persistence-db | No | Only required if enable-persistence is set to true. | Specifies which database is used for persistence. The only supported values are: dynamodb and mysql. |
dynamodb-region | No | Only required if enable-persistence is set to true and persistence-db is set to dynamodb. | Specifies the region where the DynamoDB tables are created and accessed. |
dynamodb-table-rcu | No | Only required if enable-persistence is set to true and persistence-db is set to dynamodb. | Specifies the Read Capacity Units (RCU) for each DynamoDB table. For more information on RCU, see Pricing for Provisioned Capacity. |
dynamodb-table-wcu | No | Only required if enable-persistence is set to true and persistence-db is set to dynamodb. | Specifies the Write Capacity Units (WCU) for each DynamoDB table. For more information on WCU, see Pricing for Provisioned Capacity. |
dynamodb-table-name-prefix | No | Only required if enable-persistence is set to true and persistence-db is set to dynamodb. | Specifies the prefix that is added to each DynamoDB table (useful to distinguish multiple broker clusters using the same Amazon account). Only alphanumeric characters, dot, dash and underscore are allowed. |
jdbc-connection-url | No | Only required if enable-persistence is set to true and persistence-db is set to mysql. | Specifies the connection URL to the MariaDB/MySQL database; it contains the endpoint and the database name. The URL should have this format: Where <db_endpoint> is the MariaDB/MySQL database endpoint, <db_port> is the database port and <db_name> is the database name. |
jdbc-user | No | Only required if enable-persistence is set to true and persistence-db is set to mysql. | Specifies the name of the user that has access to the MariaDB/MySQL database. |
jdbc-password | No | Only required if enable-persistence is set to true and persistence-db is set to mysql. | Specifies the password of the user that has access to the MariaDB/MySQL database. |
seconds-before-deleting-unreachable-dcv-server | No | 1800 | Specifies the number of seconds after which an unreachable server is deleted from the system. |
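Several rows of the table depend on each other: the discovery methods exclude one another, the persistence keys are conditionally required, and the two authorization switches decide whether access tokens are demanded. The following linter for those rules is an added example, not part of the broker or of the original documentation. It assumes plain `key = value` lines, recognises the load-balancer discovery keys by their suffix, and runs on a constructed sample file.

```python
DISCOVERY = "broker-to-broker-discovery-"
REQUIRED = {  # persistence-db value -> keys the table requires for that backend
    "dynamodb": ["dynamodb-region", "dynamodb-table-rcu", "dynamodb-table-wcu",
                 "dynamodb-table-name-prefix"],
    "mysql": ["jdbc-connection-url", "jdbc-user", "jdbc-password"]}
SAMPLE = """\
# constructed sample, not taken from a real deployment
enable-agent-authorization = false
broker-to-broker-discovery-port = 47500
broker-to-broker-discovery-addresses = 10.0.0.5:47500,10.0.0.6:47500
broker-to-broker-discovery-multicast-group = 239.255.0.1
enable-persistence = true
persistence-db = mysql
jdbc-user = broker
"""

def parse_properties(text):
    """Parse 'key = value' lines; '#' and '!' start comments (assumed: no continuations)."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def discovery_methods(props):  # discovery methods that have at least one key set
    methods = set()
    for key, value in props.items():
        tail = key[len(DISCOVERY):] if key.startswith(DISCOVERY) else ""
        if value and (tail == "addresses" or tail.startswith("multicast-")):
            methods.add(tail.split("-")[0])  # "addresses" or "multicast"
        elif value and tail.endswith(("-region", "alb-target-group-arn")):
            methods.add("load balancer")
    return methods

def lint(props):  # returns human-readable findings, empty when all rules hold
    findings = []
    for key in ("enable-authorization", "enable-agent-authorization"):
        if props.get(key, "true").lower() != "true":  # documented default: true
            findings.append(f"{key} is disabled: access tokens are not required")
    if len(discovery_methods(props)) > 1:
        findings.append("more than one broker-to-broker discovery method is set")
    if props.get("enable-persistence", "false").lower() == "true":
        db = props.get("persistence-db")
        if db not in REQUIRED:
            findings.append("persistence-db must be dynamodb or mysql")
        findings += [f"{k} is required when persistence-db is {db}"
                     for k in REQUIRED.get(db, []) if not props.get(k)]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```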