Configuring the Bridge
The Amlen Bridge is configured by using a small set of objects that are stored in a JSON dynamic configuration file. The objects can be created and modified as files or specified by using the Bridge REST APIs. When the configuration objects are modified, the dynamic configuration file is updated with the current state.
Overview
Each JSON object that is processed in a configuration file is considered to be a modification from the previous instance of the same object. During the initial configuration, when there is no existing object, the whole object is specified. When a dynamic update is made, only the changed fields are modified. Items such as strings, numbers, boolean, or arrays of strings are replaced.
To delete an object, you can either use the REST DELETE method or you can specify
the object type and name in the configuration file and give the value as null. Removing an object from the configuration file
might not delete the object. For example, if the configuration defines a durable MQTT session with a
SessionExpiry > 0, the session continues to exist on the MQTT server after it is removed from a
configuration file. If the configuration object is explicitly deleted, the object is removed from
the MQTT server.
Connecting to an MQTT server
The following table shows the properties that are defined by a connection object, which are required to connect to an MQTT server:
| Name | Type | Description |
|---|---|---|
| MQTTServerList | Array of String (max 16) | A list of MQTT servers where each entry is in the format host:port. The host
can be a resolvable name or an IP address. |
| Ciphers | String | The cipher list to use when TLS is set to TLS version 1.1 or TLS version1.2. The default is to use ciphers that are selected based on the version of TLS that is used. The cipher list is in openssl cipher selection format. It is best practice to leave the default settings unless they do not work. |
| ClientID | String | The initial part of the client identifier for this connection. The forwarder name and instance number are appended to the end of this name. The connection cannot start if the ClientID is not specified. |
| MaxPacketSize | Int 0 to 2147483647 | The maximum packet size in bytes for MQTT and the maximum batch size in bytes for Event Streams. In MQTT, this value is sent to the server as the maximum size packet that the Bridge
accepts. In Event Streams, the value is used along with MaxBatchTimeMS to decide
when a batch of messages are produced. A value of 0 indicates to use the default max packet size. Small sizes might be rejected or ignored by the server. |
| Password | String | A string to send as the password. The password can be an obfuscated password. |
| ServerName | String | The server name to use for the SNI override. If not specified, the host from the
MQTTServerList entry is used unless it is an IP address. |
| SessionExpiry | Int 0 to 2147483647 | The session expiry. In versions 3.1 or 3.1.1, setting the expiry to zero creates a CleanSession=true connection and any other value creates a CleanSession=false connection. For MQTT version 5, a value of 0 causes CleanStart=true to be set. The default value is 0. |
| TLS | Enum: None, TLSv1.2, TLSv1.1 | The version of TLS to use. If None is selected or this property is not
set, a non-secure connection is used. |
| UserName | String | A string to send as the username |
| Version | Enum: 3.1, 3.1.1, 5.0 | The MQTT version to use. Some features only work if MQTT version 5 is used. Version is not used for Event Streams connections. |
The following section shows an example connection object:
{
"Connection": {
"MyServer":
"MQTTServerList”: [ mymqtt1.ibm.com:16104, mymqtt2.ibm.com:16104 ]
"ClientID": "MQTTBridge-",
“SessionExpiry”: 0,
"Version": "5.0",
"TLS": "TLSv1.2",
"Username": "msgUser2",
"Password": "!Fqun1VseY4Pmruz/Z5KjkmK/FhyZudVZVSdHYeXzx"
}
}
}
For an Event Streams destination, the MQTTServerList is replaced with
EventStreamsBrokerList.
| Name | Type | Description |
|---|---|---|
| EventStreamsBrokerList | Array of String (max 16) | A list of Event Streams brokers where each entry is of the form host:port.
The host can be a resolvable name or an IP address. |
| MaxBatchTimeMS | Int 0 to 2147483647 | The maximum time to wait to complete a batch of messages. If the value is 0, the system
default time is used. Otherwise, this is a time in milliseconds to wait to fill a batch. The batch
of messages is sent to the broker when it exceeds either the MaxPacketSize, or the
MaxBatchTimeMS. |
For Event Streams connections, the properties ClientID,
SessionExpiry and Version are not used. For MQTT connections the
MaxBatchTimeMS property is not used.
Most items in Connection can be set back to the default by setting the value to null. This does not work for some values, which are required for the connection to work.
Forwarder
The following table shows the rules that are defined by the forwarder object. The rules are used to forward messages from a source MQTT server to a destination:
| Name | Type | Description |
|---|---|---|
| Source | String | The name of the source connection object. |
| Destination | String | The name of the destination connection object. |
| Enabled | Boolean | If the value is false, then the forwarder is not enabled and is not started. |
| Instances | Int 0-100 | The number of instances. A value of 0 means that there no added instances. A value of 1 to 100 means that this forwarder is used as a prototype to create the specified number of instances. |
| Topic | String or Array of String (max 16) | The names of topics to subscribe to. |
| Selector | String | A selector in extended SQL92 format. |
| SourceQoS | 0, 1, 2 | The QoS for the subscription. This can be reduced if the source server does not support the requested QoS. If the destination is Event Streams, this value is reduced from 2 to 1. |
| TopicMap | String | The mapping from source topic to destination topic. |
The following section shows an example forwarder:
{
"Forwarder": {
"m2w": {
"Topic": ["wiotp/event/+/+/MyEvent/#"],
"Enabled": true,
"Source": "MyServer",
"Destination": "WIoTP",
"TopicMap": "iot-2/type/${Topic2}/id/${Topic3}/evt/${Topic4}/fmt/json'"
}
}
}
The following table shows the name, type and description of the fields that are added for forwarders with an Event Streams destination:
| Name | Type | Description |
|---|---|---|
| KeyMap | String | The map that is used to create the key. The key is always created as a string. If no KeyMap is given, a null Keymap is used in the same format as TopicMap. |
| KafkaAPIVersion | 0, 1, 2 | The Apache Kafka® LogMessageVersion. This is value is based on the version of the Event Streams brokers, but in some cases requires a manual override. Sending MQTT version 5 properties requires KafkaAPIVersion=2, but this in turn requires an Event Streams instance based on Kafka 0.11 or later. |
| PartitionRule | String | The rule that is used to choose a partition when there are multiple partitions for a topic. This can be one of the built in rules, or a string with replacement values which is then hashed. |
| RoutingRule | Object containing a set of named strings. | The name of the string item within the RoutingRule object is an Event Streams topic, and the value of the item is a message selector. The name must be 1 to 100 characters in length and can only contain base alphanumerics and the special characters underscore, hyphen, and period. If a name is specified more than once, the latter name replaces the former. |
Most items in Forwarder can be set back to the default by setting the value to null. This does not work for some values, which are required for the forwarder to work.
Endpoint
An Endpoint object defines the properties needed to define an administrative REST interface for the Bridge. The following table shows the name, type and description of the properties that are used to define an administrative REST interface for the Bridge:
| Name | Type | Description |
|---|---|---|
| Port | Integer (1 to 65535) | The port number to listen on. This must be unique. |
| Interface | String | The interface to listen on. If this value is not specified or "*" is entered, then listen on all interfaces. |
| Protocol | enum: "admin" | In the bridge, "admin" is the only supported protocol. |
| Enabled | Boolean | If this value is false, the endpoint is not enabled. |
| Authentication | enum: "basic" | If this value is set, an HTTP status of 401 is returned if the username is not specified. |
| Certificate | String | The name of a file in the keystore that contains the certificate for this endpoint. This is needed to set the endpoint as secure. |
| Ciphers | enum: "fast" or "best" | This value defines the ciphers to use. The default value "fast" gives faster ciphers and "best" gives better ciphers. Only high quality ciphers are used. |
| KeyPassword | String | The password for the private key. The password can be in plain text or in a bidirectional password obfuscation starting with an exclamation point (!). When the dynamic configuration is written, the value is changed to an obfuscated password. |
| Key | String | The name of a file in the keystore that contains the key for this endpoint. Any form of private key is allowed, but it must be the key that signed the certificate. This is needed to set the endpoint as secure. This key file can be password protected if the KeyPassword is specified. |
| EnableAbout | Boolean | If true, the simple HTTP server is enabled showing the about page. Use to verify that the endpoint is correctly configured. |
| Method | enum: TLSv1.1 or TLSv1.2. | The minimum TLS method to use. This value is ignored if Secure=false. |
| Secure | Boolean | If this value is true, TLS security is used. |
| UseClientCipher | Boolean | If this value is true, the client cipher order is used: otherwise, the server cipher order is used. The default value is server order. |
{
"Endpoint": {
"admin": {
"Port": 9961,
"Enabled": true,
"Secure": true,
"Ciphers": "Fast",
"Method": "TLSv1.2",
"Certificate": "mycert.pem",
"Key": "mykey.pem",
“KeyPassword”: “!HCuwKKpW2sUeQEUJIYkWpJp5HX/nBGDpMYQMhjRhE”
}
}
}
User
A User object defines a user who can connect on the administrative endpoint.
| Name | Type | Description |
|---|---|---|
| Password | String | The password for the user. The password can be plain text or an obfuscated password. When the Bridge updates a configuration file, it writes an obfuscated password. |
{
"User": {
"user": { "Password": "=0hRDkZDpoF+e0sLJrgMpv7c2xeyApDR/6DWWzD8JfWI=" },
"fred": { "Password": "very_secret" }
}
}