forked from pulse-vadc/go-vtm
/
config_global_settings.go
1619 lines (1296 loc) · 71.7 KB
/
config_global_settings.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Copyright (C) 2018-2019, Pulse Secure, LLC.
// Licensed under the terms of the MPL 2.0. See LICENSE file for details.
// Go library for Pulse Virtual Traffic Manager REST version 6.1.
package vtm
import (
"encoding/json"
)
type GlobalSettings struct {
connector *vtmConnector
GlobalSettingsProperties `json:"properties"`
}
func (vtm VirtualTrafficManager) GetGlobalSettings() (*GlobalSettings, *vtmErrorResponse) {
conn := vtm.connector.getChildConnector("/tm/6.1/config/active/global_settings?expert_keys=fault_tolerance/multicast_version,telemetry/autotest_schedule")
data, ok := conn.get()
if ok != true {
object := new(vtmErrorResponse)
json.NewDecoder(data).Decode(object)
return nil, object
}
object := new(GlobalSettings)
object.connector = conn
if err := json.NewDecoder(data).Decode(object); err != nil {
panic(err)
}
return object, nil
}
func (object GlobalSettings) Apply() (*GlobalSettings, *vtmErrorResponse) {
marshalled, err := json.Marshal(object)
if err != nil {
panic(err)
}
data, ok := object.connector.put(string(marshalled), STANDARD_OBJ)
if ok != true {
object := new(vtmErrorResponse)
json.NewDecoder(data).Decode(object)
return nil, object
}
if err := json.NewDecoder(data).Decode(&object); err != nil {
panic(err)
}
return &object, nil
}
type GlobalSettingsProperties struct {
Admin struct {
// Whether or not the admin server, the internal control port and
// the config daemon honor the Fallback SCSV to protect connections
// against downgrade attacks.
HonorFallbackScsv *bool `json:"honor_fallback_scsv,omitempty"`
// Whether or not SSL3/TLS re-handshakes should be supported for
// admin server and internal connections.
Ssl3AllowRehandshake *string `json:"ssl3_allow_rehandshake,omitempty"`
// The SSL ciphers to use for admin server and internal connections.
// For information on supported ciphers see the online help.
Ssl3Ciphers *string `json:"ssl3_ciphers,omitempty"`
// The length in bits of the Diffie-Hellman key for ciphers that
// use Diffie-Hellman key agreement for admin server and internal
// connections.
Ssl3DiffieHellmanKeyLength *string `json:"ssl3_diffie_hellman_key_length,omitempty"`
// If SSL3/TLS re-handshakes are supported on the admin server,
// this defines the minimum time interval (in milliseconds) between
// handshakes on a single SSL3/TLS connection that is permitted.
// To disable the minimum interval for handshakes the key should
// be set to the value "0".
Ssl3MinRehandshakeInterval *int `json:"ssl3_min_rehandshake_interval,omitempty"`
// The SSL elliptic curve preference list for admin and internal
// connections. The named curves P256, P384 and P521 may be configured.
SslEllipticCurves *[]string `json:"ssl_elliptic_curves,omitempty"`
// Whether or not SSL3 and TLS1 use one-byte fragments as a BEAST
// countermeasure for admin server and internal connections.
SslInsertExtraFragment *bool `json:"ssl_insert_extra_fragment,omitempty"`
// The maximum size (in bytes) of SSL handshake messages that the
// admin server and internal connections will accept. To accept
// any size of handshake message the key should be set to the value
// "0".
SslMaxHandshakeMessageSize *int `json:"ssl_max_handshake_message_size,omitempty"`
// Take performance degrading steps to prevent exposing timing side-channels
// with SSL3 and TLS used by the admin server and internal connections.
SslPreventTimingSideChannels *bool `json:"ssl_prevent_timing_side_channels,omitempty"`
// The SSL signature algorithms preference list for admin and internal
// connections using TLS version 1.2 or higher. For information
// on supported algorithms see the online help.
SslSignatureAlgorithms *string `json:"ssl_signature_algorithms,omitempty"`
// Whether or not SSL3 support is enabled for admin server and internal
// connections.
SupportSsl3 *bool `json:"support_ssl3,omitempty"`
// Whether or not TLS1.0 support is enabled for admin server and
// internal connections.
SupportTls1 *bool `json:"support_tls1,omitempty"`
// Whether or not TLS1.1 support is enabled for admin server and
// internal connections.
SupportTls11 *bool `json:"support_tls1_1,omitempty"`
// Whether or not TLS1.2 support is enabled for admin server and
// internal connections.
SupportTls12 *bool `json:"support_tls1_2,omitempty"`
// Whether or not TLS1.3 support is enabled for admin server and
// internal connections.
SupportTls13 *bool `json:"support_tls1_3,omitempty"`
} `json:"admin"`
Appliance struct {
// The password used to protect the bootloader. An empty string
// means there will be no protection.
BootloaderPassword *string `json:"bootloader_password,omitempty"`
// Whether or not the traffic manager will attempt to route response
// packets back to clients via the same route on which the corresponding
// request arrived. Note that this applies only to the last hop
// of the route - the behaviour of upstream routers cannot be altered
// by the traffic manager.
ReturnPathRoutingEnabled *bool `json:"return_path_routing_enabled,omitempty"`
} `json:"appliance"`
Aptimizer struct {
// The period of time (in seconds) that unaccessed cache entries
// will be retained by Web Accelerator.
CacheEntryLifetime *int `json:"cache_entry_lifetime,omitempty"`
// The maximum number of cache entries that will be retained by
// Web Accelerator before removing old entries to make room for
// new ones.
CacheEntryLimit *int `json:"cache_entry_limit,omitempty"`
// The Profile to use by default if no mappings are configured (or
// if Web Accelerator is licensed in Express mode)
DefaultProfile *string `json:"default_profile,omitempty"`
// The Scope to use by default if no mappings are configured (or
// if Web Accelerator is licensed in Express mode)
DefaultScope *string `json:"default_scope,omitempty"`
// How long to wait for dependent resource fetches (default 30 seconds).
DependentFetchTimeout *int `json:"dependent_fetch_timeout,omitempty"`
// Whether or not the Web Accelerator state will be dumped if "/aptimizer-state-dump"
// is appended to an optimized URL.
EnableStateDump *bool `json:"enable_state_dump,omitempty"`
// The time after which connections between the traffic manager
// and Web Accelerator processes will be closed, should an optimization
// job take considerably longer than expected.
IpcTimeout *int `json:"ipc_timeout,omitempty"`
// How many direct jobs can be in progress before optimization jobs
// start getting rejected by Web Accelerator.
MaxConcurrentJobs *int `json:"max_concurrent_jobs,omitempty"`
// The maximum size of a dependent resource that can undergo Web
// Accelerator optimization. Any content larger than this size will
// not be optimized. Units of KB and MB can be used, no postfix
// denotes bytes. A value of 0 disables the limit.
MaxDependentFetchSize *string `json:"max_dependent_fetch_size,omitempty"`
// The maximum size of unoptimized content buffered in the traffic
// manager for a single backend response that is undergoing Web
// Accelerator optimization. Responses larger than this will not
// be optimized. Note that if the backend response is compressed
// then this setting pertains to the compressed size, before Web
// Accelerator decompresses it. Units of KB and MB can be used,
// no postfix denotes bytes. Value range is 1 - 128MB.
MaxOriginalContentBufferSize *string `json:"max_original_content_buffer_size,omitempty"`
// The size in bytes of the operating system buffer which is used
// to send request URLs and data to Web Accelerator and return optimized
// resources from Web Accelerator. A larger buffer will allow a
// greater number of simultaneous resources to be optimized, particularly
// if a large number of requests are made at the same time, for
// example an HTML page containing hundreds of images to optimize.
// If this is set to zero, the default operating system buffer size
// will be used.
QueueBufferSize *int `json:"queue_buffer_size,omitempty"`
// The period of time (in seconds) that resource data is retained
// by Web Accelerator after it is no longer actively in use.
ResourceLifetime *int `json:"resource_lifetime,omitempty"`
// The maximum amount of memory the cache is allowed to have pinned.
// Once it goes over that limit, it starts releasing resource data
// in LRU order.
ResourceMemoryLimit *int `json:"resource_memory_limit,omitempty"`
// The period of time (in seconds) after which a previous failure
// will no longer count towards the watchdog limit.
WatchdogInterval *int `json:"watchdog_interval,omitempty"`
// The maximum number of times the Web Accelerator sub-process will
// be started or restarted within the interval defined by the aptimizer!watchdog_interval
// setting. If the process fails this many times, it must be restarted
// manually from the Diagnose page. Zero means no limit.
WatchdogLimit *int `json:"watchdog_limit,omitempty"`
} `json:"aptimizer"`
Auditlog struct {
// Whether to mirror the audit log to EventD.
ViaEventd *bool `json:"via_eventd,omitempty"`
// Whether to output audit log message to the syslog.
ViaSyslog *bool `json:"via_syslog,omitempty"`
} `json:"auditlog"`
Auth struct {
// Lifetime in seconds of cryptographic keys used to decrypt SAML
// SP sessions stored externally (client-side).
SamlKeyLifetime *int `json:"saml_key_lifetime,omitempty"`
// Rotation interval in seconds for cryptographic keys used to encrypt
// SAML SP sessions stored externally (client-side).
SamlKeyRotationInterval *int `json:"saml_key_rotation_interval,omitempty"`
} `json:"auth"`
Autoscaler struct {
// The interval at which the parent sends new SLM status to the
// autoscaler.
SlmInterval *int `json:"slm_interval,omitempty"`
// Whether or not detailed messages about the autoscaler's activity
// are written to the error log.
Verbose *bool `json:"verbose,omitempty"`
} `json:"autoscaler"`
Bandwidth struct {
// For the global BW limits, how the bandwidth allocation should
// be shared between consumers. In 'pooled' mode, the allocation
// is shared between all consumers, who can write as much data as
// they want until the pool of data is exhausted. In 'quota' mode,
// bandwidth is divided between consumers, who can write only as
// much as they are allocated. Any unused bandwidth will be lost.
LicenseSharing *string `json:"license_sharing,omitempty"`
// For the global BW limits using 'pooled' bandwidth allocation
// sharing between consumers, when the license limit is reached
// the allowance will be evenly distributed between the remaining
// consumers. Each consumer will, however be permitted to write
// at least this much data.
PooledMinWrite *int `json:"pooled_min_write,omitempty"`
} `json:"bandwidth"`
Basic struct {
// How often, in milliseconds, each traffic manager child process
// (that isn't listening for new connections) checks to see whether
// it should start listening for new connections.
AcceptingDelay *int `json:"accepting_delay,omitempty"`
// How long in seconds to wait for the application firewall control
// script to complete clustering operations for the application
// firewall.
AfmClusterTimeout *int `json:"afm_cluster_timeout,omitempty"`
// How long in seconds to wait for the application firewall control
// script to complete operations such as starting and stopping the
// application firewall.
AfmControlTimeout *int `json:"afm_control_timeout,omitempty"`
// Is the application firewall enabled.
AfmEnabled *bool `json:"afm_enabled,omitempty"`
// Timeout for waiting for child processes to respond to parent
// control requests If a child process (zeus.zxtm, zeus.eventd,
// zeus.autoscaler, etc) takes longer than this number of seconds
// to respond to a parent control command, error messages will be
// logged for every multiple of this number of seconds, for example,
// if set to 10 seconds, a log message will be logged every 10 seconds,
// until the child responds or is automatically killed (see the
// child_control_kill_timeout setting).
ChildControlCommandTimeout *int `json:"child_control_command_timeout,omitempty"`
// Timeout for waiting for child processes to respond to parent
// control requests If a child process (zeus.zxtm, zeus.eventd,
// zeus.autoscaler, etc) takes longer than this number of seconds
// to respond to a parent control command, then the parent zeus.zxtm
// process will assume this process is stuck in an unresponsive
// loop and will kill it, log the termination event, and wait for
// a new process of the same type to restart. Set this to 0 to disable
// killing unresponsive child processes.
ChildControlKillTimeout *int `json:"child_control_kill_timeout,omitempty"`
// The default chunk size for reading/writing requests.
ChunkSize *int `json:"chunk_size,omitempty"`
// Whether or not your traffic manager should make use of TCP optimisations
// to defer the processing of new client-first connections until
// the client has sent some data.
ClientFirstOpt *bool `json:"client_first_opt,omitempty"`
// Cluster identifier. Generally supplied by Services Director.
ClusterIdentifier *string `json:"cluster_identifier,omitempty"`
// How frequently should child processes check for CPU starvation?
// A value of 0 disables the detection.
CpuStarvationCheckInterval *int `json:"cpu_starvation_check_interval,omitempty"`
// How much delay in milliseconds between starvation checks do we
// allow before we assume that the machine or its HyperVisor are
// overloaded.
CpuStarvationCheckTolerance *int `json:"cpu_starvation_check_tolerance,omitempty"`
// Disable the cipher blacklist check in HTTP2 (mainly intended
// for testing purposes)
Http2NoCipherBlacklistCheck *bool `json:"http2_no_cipher_blacklist_check,omitempty"`
// Whether or not messages pertaining to internal configuration
// files should be logged to the event log.
InternalConfigLogging *bool `json:"internal_config_logging,omitempty"`
// A list of license servers for FLA licensing. A license server
// should be specified as a "<ip/host>:<port>" pair.
LicenseServers *[]string `json:"license_servers,omitempty"`
// The maximum number of file descriptors that your traffic manager
// will allocate.
MaxFds *int `json:"max_fds,omitempty"`
// The maximum number of each of nodes, pools or locations that
// can be monitored. The memory used to store information about
// nodes, pools and locations is allocated at start-up, so the traffic
// manager must be restarted after changing this setting.
MonitorMemorySize *int `json:"monitor_memory_size,omitempty"`
// The maximum number of Rate classes that can be created. Approximately
// 100 bytes will be pre-allocated per Rate class.
RateClassLimit *int `json:"rate_class_limit,omitempty"`
// The size of the shared memory pool used for shared storage across
// worker processes (e.g. bandwidth shared data).This is specified
// as either a percentage of system RAM, "5%" for example, or an
// absolute size such as "10MB".
SharedPoolSize *string `json:"shared_pool_size,omitempty"`
// The maximum number of SLM classes that can be created. Approximately
// 100 bytes will be pre-allocated per SLM class.
SlmClassLimit *int `json:"slm_class_limit,omitempty"`
// The size of the operating system's read buffer. A value of "0"
// (zero) means to use the OS default; in normal circumstances this
// is what should be used.
SoRbuffSize *int `json:"so_rbuff_size,omitempty"`
// The size of the operating system's write buffer. A value of "0"
// (zero) means to use the OS default; in normal circumstances this
// is what should be used.
SoWbuffSize *int `json:"so_wbuff_size,omitempty"`
// Whether or not the traffic manager should use potential network
// socket optimisations. If set to "auto", a decision will be made
// based on the host platform.
SocketOptimizations *string `json:"socket_optimizations,omitempty"`
// Whether the storage for the traffic managers' configuration is
// shared between cluster members.
StorageShared *bool `json:"storage_shared,omitempty"`
// The maximum number of Traffic IP Groups that can be created.
TipClassLimit *int `json:"tip_class_limit,omitempty"`
} `json:"basic"`
Bgp struct {
// The number of the BGP AS in which the traffic manager will operate.
// Must be entered in decimal.
AsNumber *int `json:"as_number,omitempty"`
// Whether BGP Route Health Injection is enabled
Enabled *bool `json:"enabled,omitempty"`
} `json:"bgp"`
ClusterComms struct {
// The default value of "allow_update" for new cluster members.
// If you have cluster members joining from less trusted locations
// (such as cloud instances) this can be set to "false" in order
// to make them effectively "read-only" cluster members.
AllowUpdateDefault *bool `json:"allow_update_default,omitempty"`
// The hosts that can contact the internal administration port on
// each traffic manager. This should be a list containing IP addresses,
// CIDR IP subnets, and "localhost"; or it can be set to "all" to
// allow any host to connect.
AllowedUpdateHosts *[]string `json:"allowed_update_hosts,omitempty"`
// How often to propagate the session persistence and bandwidth
// information to other traffic managers in the same cluster. Set
// this to "0" (zero) to disable propagation.<br /> Note that a
// cluster using "unicast" heartbeat messages cannot turn off these
// messages.
StateSyncInterval *int `json:"state_sync_interval,omitempty"`
// The maximum amount of time to wait when propagating session persistence
// and bandwidth information to other traffic managers in the same
// cluster. Once this timeout is hit the transfer is aborted and
// a new connection created.
StateSyncTimeout *int `json:"state_sync_timeout,omitempty"`
} `json:"cluster_comms"`
Connection struct {
// The maximum number of unused HTTP keepalive connections with
// back-end nodes that the traffic manager should maintain for re-use.
// Setting this to "0" (zero) will cause the traffic manager to
// auto-size this parameter based on the available number of file-descriptors.
IdleConnectionsMax *int `json:"idle_connections_max,omitempty"`
// How long an unused HTTP keepalive connection should be kept before
// it is discarded.
IdleTimeout *int `json:"idle_timeout,omitempty"`
// The listen queue size for managing incoming connections. It may
// be necessary to increase the system's listen queue size if this
// value is altered. If the value is set to "0" then the default
// system setting will be used.
ListenQueueSize *int `json:"listen_queue_size,omitempty"`
// Number of processes that should accept new connections. Only
// this many traffic manager child processes will listen for new
// connections at any one time. Setting this to "0" (zero) will
// cause your traffic manager to select an appropriate default value
// based on the architecture and number of CPUs.
MaxAccepting *int `json:"max_accepting,omitempty"`
// Whether or not the traffic manager should try to read multiple
// new connections each time a new client connects. This can improve
// performance under some very specific conditions. However, in
// general it is recommended that this be set to 'false'.
MultipleAccept *bool `json:"multiple_accept,omitempty"`
} `json:"connection"`
Dns struct {
// How often to check the DNS configuration for changes.
Checktime *int `json:"checktime,omitempty"`
// The location of the "hosts" file.
Hosts *string `json:"hosts,omitempty"`
// Whether or not to try reading the "dns!hosts" file before calling
// gethostbyname(). This config key exists for testing purposes
// only.
Hostsfirst *bool `json:"hostsfirst,omitempty"`
// Maximum Time To Live (expiry time) for entries in the DNS cache.
MaxTtl *int `json:"max_ttl,omitempty"`
// How often to send DNS request packets before giving up.
Maxasynctries *int `json:"maxasynctries,omitempty"`
// Minimum Time To Live (expiry time) for entries in the DNS cache.
MinTtl *int `json:"min_ttl,omitempty"`
// Expiry time for failed lookups in the DNS cache.
NegativeExpiry *int `json:"negative_expiry,omitempty"`
// The location of the "resolv.conf" file.
Resolv *string `json:"resolv,omitempty"`
// Maximum number of entries in the DNS cache.
Size *int `json:"size,omitempty"`
// Timeout for receiving a response from a DNS server.
Timeout *int `json:"timeout,omitempty"`
} `json:"dns"`
DnsAutoscale struct {
// The IP address and port number of the DNS server to use for DNS-derived
// autoscaling, in the form addr:port. This is intended for test
// and debug purposes, and will override the configuration of the
// system resolver, which is usually defined in /etc/resolv.conf
Resolver *string `json:"resolver,omitempty"`
} `json:"dns_autoscale"`
Ec2 struct {
// Amazon EC2 Access Key ID.
AccessKeyId *string `json:"access_key_id,omitempty"`
// How long, in seconds, the traffic manager should wait while associating
// or disassociating an Elastic IP to the instance.
ActionTimeout *int `json:"action_timeout,omitempty"`
// The maximum amount of time requests to the AWS Query API can
// take before timing out.
AwstoolTimeout *int `json:"awstool_timeout,omitempty"`
// URL for the EC2 metadata server, "http://169.254.169.254/latest/meta-data"
// for example.
MetadataServer *string `json:"metadata_server,omitempty"`
// The maximum amount of time requests to the EC2 Metadata Server
// can take before timing out.
MetadataTimeout *int `json:"metadata_timeout,omitempty"`
// URL for the Amazon EC2 endpoint, "https://ec2.amazonaws.com/"
// for example.
QueryServer *string `json:"query_server,omitempty"`
// Amazon EC2 Secret Access Key.
SecretAccessKey *string `json:"secret_access_key,omitempty"`
// Whether to verify Amazon EC2 endpoint's certificate using CA(s)
// present in SSL Certificate Authorities Catalog.
VerifyQueryServerCert *bool `json:"verify_query_server_cert,omitempty"`
// Whether to decluster the traffic manager running inside vpc when
// the instance stops.
VpcDeclusterOnStop *bool `json:"vpc_decluster_on_stop,omitempty"`
} `json:"ec2"`
Eventing struct {
// The minimum length of time that must elapse between alert emails
// being sent. Where multiple alerts occur inside this timeframe,
// they will be retained and sent within a single email rather than
// separately.
MailInterval *int `json:"mail_interval,omitempty"`
// The number of times to attempt to send an alert email before
// giving up.
MaxAttempts *int `json:"max_attempts,omitempty"`
} `json:"eventing"`
FaultTolerance struct {
// The number of ARP packets a traffic manager should send when
// an IP address is raised.
ArpCount *int `json:"arp_count,omitempty"`
// Whether or not traffic IPs automatically move back to machines
// that have recovered from a failure and have dropped their traffic
// IPs.
AutoFailback *bool `json:"auto_failback,omitempty"`
// Configure the delay of automatic failback after a previous failover
// event. This setting has no effect if autofailback is disabled.
AutofailbackDelay *int `json:"autofailback_delay,omitempty"`
// How long the traffic manager should wait for status updates from
// any of the traffic manager's child processes before assuming
// one of them is no longer servicing traffic.
ChildTimeout *int `json:"child_timeout,omitempty"`
// The IP addresses used to check front-end connectivity. The text
// "%gateway%" will be replaced with the default gateway on each
// system. Set this to an empty string if the traffic manager is
// on an Intranet with no external connectivity.
FrontendCheckIps *[]string `json:"frontend_check_ips,omitempty"`
// The method traffic managers should use to exchange cluster heartbeat
// messages.
HeartbeatMethod *string `json:"heartbeat_method,omitempty"`
// The interval between unsolicited periodic IGMP Membership Report
// messages for Multi-Hosted Traffic IP Groups.
IgmpInterval *int `json:"igmp_interval,omitempty"`
// The frequency, in milliseconds, that each traffic manager machine
// should check and announce its connectivity.
MonitorInterval *int `json:"monitor_interval,omitempty"`
// How long, in seconds, each traffic manager should wait for a
// response from its connectivity tests or from other traffic manager
// machines before registering a failure.
MonitorTimeout *int `json:"monitor_timeout,omitempty"`
// The multicast address and port to use to exchange cluster heartbeat
// messages.
MulticastAddress *string `json:"multicast_address,omitempty"`
// The multicast version to be use ("1", "2" or "3") for cluster
// heartbeat messages. A value of "0" will let the operating system
// choose (but note that Linux often gets this wrong). This setting
// is only supported when using 2.6 versions of the Linux kernel.
MulticastVersion *int `json:"multicast_version,omitempty"`
// Whether the ribd routing daemon is to be run. The routing software
// needs to be restarted for this change to take effect.
RoutingSwRunRibd *bool `json:"routing_sw_run_ribd,omitempty"`
// The period of time in seconds after which a failure will no longer
// count towards the watchdog limit.
RoutingSwWatchdogInterval *int `json:"routing_sw_watchdog_interval,omitempty"`
// The maximum number of times the routing software suite of processes
// will be started or restarted within the interval defined by the
// flipper!routing_sw_watchdog_interval setting. If the routing
// software fails this many times within the interval, it will be
// stopped and can only be restarted manually from the Diagnose
// page or by switching OSPF off and on again. Zero means no limit.
RoutingSwWatchdogLimit *int `json:"routing_sw_watchdog_limit,omitempty"`
// Mark Traffic IPv6 addresses as "deprecated" to prevent their
// use during IPv6 source selection.
Tipv6RaiseDeprecated *bool `json:"tipv6_raise_deprecated,omitempty"`
// The unicast UDP port to use to exchange cluster heartbeat messages.
UnicastPort *int `json:"unicast_port,omitempty"`
// Whether or not cluster heartbeat messages should only be sent
// and received over the management network.
UseBindIp *bool `json:"use_bind_ip,omitempty"`
// Whether or not a traffic manager should log all connectivity
// tests. This is very verbose, and should only be used for diagnostic
// purposes.
Verbose *bool `json:"verbose,omitempty"`
} `json:"fault_tolerance"`
Fips struct {
// Enable FIPS Mode (requires software restart).
Enabled *bool `json:"enabled,omitempty"`
} `json:"fips"`
Ftp struct {
// Whether or not the traffic manager should permit use of FTP data
// connection source ports lower than 1024. If "No" the traffic
// manager can completely drop root privileges, if "Yes" some or
// all privileges may be retained in order to bind to low ports.
DataBindLow *bool `json:"data_bind_low,omitempty"`
} `json:"ftp"`
Glb struct {
// Write a message to the logs for every DNS query that is load
// balanced, showing the source IP address and the chosen datacenter.
Verbose *bool `json:"verbose,omitempty"`
} `json:"glb"`
HistoricalActivity struct {
// Number of days to store historical traffic information, if set
// to "0" the data will be kept indefinitely.
KeepDays *int `json:"keep_days,omitempty"`
} `json:"historical_activity"`
Http struct {
// The maximum length the header line of an HTTP chunk can have
// in an upload from the client. Header lines exceeding this length
// will be considered invalid. The traffic manager buffers the
// header line before it can read any payload data in the chunk;
// the limit exists to protect against malicious clients that send
// very long lines but never any payload data.
MaxChunkHeaderLength *int `json:"max_chunk_header_length,omitempty"`
} `json:"http"`
Ip struct {
// A table of MAC to IP address mappings for each router where return
// path routing is required.
ApplianceReturnpath *GlobalSettingsApplianceReturnpathTable `json:"appliance_returnpath,omitempty"`
} `json:"ip"`
Java struct {
// CLASSPATH to use when starting the Java runner.
Classpath *string `json:"classpath,omitempty"`
// Java command to use when starting the Java runner, including
// any additional options.
Command *string `json:"command,omitempty"`
// Whether or not Java support should be enabled. If this is set
// to "No", then your traffic manager will not start any Java processes.
// Java support is only required if you are using the TrafficScript
// "java.run()" function.
Enabled *bool `json:"enabled,omitempty"`
// Java library directory for additional jar files. The Java runner
// will load classes from any ".jar" files stored in this directory,
// as well as the * jar files and classes stored in traffic manager's
// catalog.
Lib *string `json:"lib,omitempty"`
// Maximum number of simultaneous Java requests. If there are more
// than this many requests, then further requests will be queued
// until the earlier requests are completed. This setting is per-CPU,
// so if your traffic manager is running on a machine with 4 CPU
// cores, then each core can make this many requests at one time.
MaxConnections *int `json:"max_connections,omitempty"`
// Default time to keep a Java session.
SessionAge *int `json:"session_age,omitempty"`
} `json:"java"`
Kerberos struct {
// The period of time after which an outstanding Kerberos operation
// will be cancelled, generating an error for dependent operations.
Timeout *int `json:"timeout,omitempty"`
// Whether or not a traffic manager should log all Kerberos related
// activity. This is very verbose, and should only be used for
// diagnostic purposes.
Verbose *bool `json:"verbose,omitempty"`
} `json:"kerberos"`
Log struct {
// The minimum severity of events/alerts that should be logged to
// disk. "INFO" will log all events; a higher severity setting will
// log fewer events. More fine-grained control can be achieved
// using events and actions.
ErrorLevel *string `json:"error_level,omitempty"`
// How long to wait before flushing the request log files for each
// virtual server.
FlushTime *int `json:"flush_time,omitempty"`
// The file to log event messages to.
LogFile *string `json:"log_file,omitempty"`
// The maximum number of connection errors logged per second when
// connection error reporting is enabled.
Rate *int `json:"rate,omitempty"`
// How long to wait before re-opening request log files, this ensures
// that log files will be recreated in the case of log rotation.
Reopen *int `json:"reopen,omitempty"`
// The minimum time between log messages for log intensive features
// such as SLM.
Time *int `json:"time,omitempty"`
} `json:"log"`
LogExport struct {
// The HTTP Event Collector token to use for HTTP authentication
// with a Splunk server.
AuthHecToken *string `json:"auth_hec_token,omitempty"`
// The HTTP authentication method to use when exporting log entries.
AuthHttp *string `json:"auth_http,omitempty"`
// The password to use for HTTP basic authentication.
AuthPassword *string `json:"auth_password,omitempty"`
// The username to use for HTTP basic authentication.
AuthUsername *string `json:"auth_username,omitempty"`
// Monitor log files and export entries to the configured endpoint.
Enabled *bool `json:"enabled,omitempty"`
// The URL to which log entries should be sent. Entries are sent
// using HTTP(S) POST requests.
Endpoint *string `json:"endpoint,omitempty"`
// The maximum size of any individual log entry to be exported.
// Log entries that exceed this size will be truncated. The maximum
// individual entry size must be at least "80" characters. A value
// of "0" means that no limit is imposed on the length of message
// for any individual entry.
MaxEventMessageSize *int `json:"max_event_message_size,omitempty"`
// The maximum bandwidth to be used for sending HTTP requests to
// the configured endpoint, measured in kilobits per second. A value
// of zero means that no bandwidth limit will be imposed.
MaxRequestBandwidth *int `json:"max_request_bandwidth,omitempty"`
// The maximum amount of log data to export in a single request.
// A value of "0" means no limit.
MaxRequestSize *int `json:"max_request_size,omitempty"`
// The maximum permitted size of HTTP responses from the configured
// endpoint. Both headers and body data are included in the size
// calculation. A response exceeding this size will be treated as
// an error response. A value of "0" means that there is no limit
// to the size of response that will be considered valid.
MaxResponseSize *int `json:"max_response_size,omitempty"`
// An upper limit to the interval for rate limiting all errors raised
// by the log exporter.
MaximumErrorRaisingPeriod *int `json:"maximum_error_raising_period,omitempty"`
// A lower limit to the interval for rate limiting all errors raised
// by the log exporter. The interval can only be shorter than this
// limit if the maximum interval is set to be less than this minimum
// limit.
MinimumErrorRaisingPeriod *int `json:"minimum_error_raising_period,omitempty"`
// The number of seconds after which HTTP requests sent to the configured
// endpoint will be considered to have failed if no response is
// received. A value of "0" means that HTTP requests will not time
// out.
RequestTimeout *int `json:"request_timeout,omitempty"`
// Whether the server certificate should be verified when connecting
// to the endpoint. If enabled, server certificates that do not
// match the server name, are self-signed, have expired, have been
// revoked, or that are signed by an unknown CA will be rejected.
TlsVerify *bool `json:"tls_verify,omitempty"`
} `json:"log_export"`
Ospfv2 struct {
// The OSPF area in which the traffic manager will operate. May
// be entered in decimal or IPv4 address format.
Area *string `json:"area,omitempty"`
// The type of OSPF area in which the traffic manager will operate.
// This must be the same for all routers in the area, as required
// by OSPF.
AreaType *string `json:"area_type,omitempty"`
// OSPFv2 authentication key ID. If set to 0, which is the default
// value, the key is disabled.
AuthenticationKeyIdA *int `json:"authentication_key_id_a,omitempty"`
// OSPFv2 authentication key ID. If set to 0, which is the default
// value, the key is disabled.
AuthenticationKeyIdB *int `json:"authentication_key_id_b,omitempty"`
// OSPFv2 authentication shared secret (MD5). If set to blank, which
// is the default value, the key is disabled.
AuthenticationSharedSecretA *string `json:"authentication_shared_secret_a,omitempty"`
// OSPFv2 authentication shared secret (MD5). If set to blank, which
// is the default value, the key is disabled.
AuthenticationSharedSecretB *string `json:"authentication_shared_secret_b,omitempty"`
// The number of seconds before declaring a silent router down.
DeadInterval *int `json:"dead_interval,omitempty"`
// Whether OSPFv2 Route Health Injection is enabled
Enabled *bool `json:"enabled,omitempty"`
// The interval at which OSPF "hello" packets are sent to the network.
HelloInterval *int `json:"hello_interval,omitempty"`
} `json:"ospfv2"`
PeriodicLog struct {
// Enable periodic logging
Enabled *bool `json:"enabled,omitempty"`
// Time interval in seconds for periodic logging
Interval *int `json:"interval,omitempty"`
// Maximum size (in MBytes) for the archive periodic logs. When
// combined size of the archives exceeds this value, the oldest
// archives will be deleted. Set to 0 to disable archive size limit
MaxArchiveSetSize *int `json:"max_archive_set_size,omitempty"`
// Maximum size (in MBytes) for the current set of periodic logs.
// If this size is exceeded, the current set will be archived. Set
// to zero to disable archiving based on current set size.
MaxLogSetSize *int `json:"max_log_set_size,omitempty"`
// Maximum number of archived log sets to keep. When the number
// of archived periodic log sets exceeds this, the oldest archives
// will be deleted.
MaxNumArchives *int `json:"max_num_archives,omitempty"`
// Number of periodic logs which should be archived together as
// a run.
RunCount *int `json:"run_count,omitempty"`
} `json:"periodic_log"`
Protection struct {
// The amount of shared memory reserved for an inter-process table
// of combined connection counts, used by all Service Protection
// classes that have "per_process_connection_count" set to "No".
// The amount is specified as an absolute size, eg 20MB.
ConncountSize *string `json:"conncount_size,omitempty"`
} `json:"protection"`
RecentConnections struct {
// How many recently closed connections each traffic manager process
// should save. These saved connections will be shown alongside
// currently active connections when viewing the Connections page.
// You should set this value to "0" in a benchmarking or performance-critical
// environment.
MaxPerProcess *int `json:"max_per_process,omitempty"`
// The amount of time for which snapshots will be retained on the
// Connections page.
RetainTime *int `json:"retain_time,omitempty"`
// The maximum number of connections each traffic manager process
// should show when viewing a snapshot on the Connections page.
// This value includes both currently active connections and saved
// connections. If set to "0" all active and saved connection will
// be displayed on the Connections page.
SnapshotSize *int `json:"snapshot_size,omitempty"`
} `json:"recent_connections"`
RemoteLicensing struct {
// The Owner of a Services Director instance, used for self-registration.
Owner *string `json:"owner,omitempty"`
// The secret associated with the Owner.
OwnerSecret *string `json:"owner_secret,omitempty"`
// The auto-accept Policy ID that this instance should attempt to
// use.
PolicyId *string `json:"policy_id,omitempty"`
// A Services Director address for self-registration. A registration
// server should be specified as a "<ip/host>:<port>" pair.
RegistrationServer *string `json:"registration_server,omitempty"`
// Time-out value for the self-register script.
ScriptTimeout *int `json:"script_timeout,omitempty"`
// The certificate of a Services Director instance, used for self-registration.
ServerCertificate *string `json:"server_certificate,omitempty"`
} `json:"remote_licensing"`
RestApi struct {
// The length of time after a successful request that the authentication
// of a given username and password will be cached for an IP address.
// A setting of 0 disables the cache forcing every REST request
// to be authenticated which will adversely affect performance.
AuthTimeout *int `json:"auth_timeout,omitempty"`
// Maximum amount of time in seconds to block the event queue waiting
// for unparallisable events like loading from disk.
BlockForFutureMax *int `json:"block_for_future_max,omitempty"`
// Minimum size in bytes a response body needs to be for compression
// (e.g. gzip) to be used. Set to 0 to always use compression when
// available.
HttpCompressMin *int `json:"http_compress_min,omitempty"`
// The length of time in seconds an idle connection will be kept
// open before the REST API closes the connection.
HttpKeepAliveTimeout *int `json:"http_keep_alive_timeout,omitempty"`
// The maximum allowed length in bytes of a HTTP request's headers.
HttpMaxHeaderLength *int `json:"http_max_header_length,omitempty"`
// Maximum size in bytes the body of an HTTP PUT request can be
// for a key-value resource (i.e. a JSON request)
HttpMaxResourceBodyLength *int `json:"http_max_resource_body_length,omitempty"`
// Maximum size in bytes the per-connection output buffer can grow
// to before being paused.
HttpMaxWriteBuffer *int `json:"http_max_write_buffer,omitempty"`
// Maximum time in seconds to keep an idle session open for.
HttpSessionTimeout *int `json:"http_session_timeout,omitempty"`
// A set of symlinks that the REST API maps to actual directories.
// Used to add mirored resources so proxies work correctly.
ProxyMap *GlobalSettingsProxyMapTable `json:"proxy_map,omitempty"`
// Configuration changes will be replicated across the cluster after
// this period of time, regardless of whether additional API requests
// are being made.
ReplicateAbsolute *int `json:"replicate_absolute,omitempty"`
// Configuration changes made via the REST API will be propagated
// across the cluster when no further API requests have been made
// for this period of time.
ReplicateLull *int `json:"replicate_lull,omitempty"`
// The period of time after which configuration replication across
// the cluster will be cancelled if it has not completed.
ReplicateTimeout *int `json:"replicate_timeout,omitempty"`
} `json:"rest_api"`
Security struct {
// Banner text displayed on the Admin Server login page and before
// logging in to appliance SSH servers.
LoginBanner *string `json:"login_banner,omitempty"`
// Whether or not users must explicitly agree to the displayed "login_banner"
// text before logging in to the Admin Server.
LoginBannerAccept *bool `json:"login_banner_accept,omitempty"`
// The number of seconds before another login attempt can be made
// after a failed attempt.
LoginDelay *int `json:"login_delay,omitempty"`
// The number of sequential failed login attempts that will cause
// a user account to be suspended. Setting this to "0" disables
// this feature. To apply this to users who have never successfully
// logged in, "track_unknown_users" must also be enabled.
MaxLoginAttempts *int `json:"max_login_attempts,omitempty"`
// Whether or not usernames blocked due to the "max_login_attempts"
// limit should also be blocked from authentication against external
// services (such as LDAP and RADIUS).
MaxLoginExternal *bool `json:"max_login_external,omitempty"`
// The number of minutes to suspend users who have exceeded the
// "max_login_attempts" limit.
MaxLoginSuspensionTime *int `json:"max_login_suspension_time,omitempty"`
// Whether or not to allow the same character to appear consecutively
// in passwords.
PasswordAllowConsecutiveChars *bool `json:"password_allow_consecutive_chars,omitempty"`
// The maximum number of times a password can be changed in a 24-hour
// period. Set to "0" to disable this restriction.
PasswordChangesPerDay *int `json:"password_changes_per_day,omitempty"`
// Minimum number of alphabetic characters a password must contain.
// Set to 0 to disable this restriction.
PasswordMinAlphaChars *int `json:"password_min_alpha_chars,omitempty"`
// Minimum number of characters a password must contain. Set to