#

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements. See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership. The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License. You may obtain a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied. See the License for the

# specific language governing permissions and limitations

# under the License.

#

### --- General broker settings --- ###

# The metadata store URL

# Examples:

# * zk:my-zk-1:2181,my-zk-2:2181,my-zk-3:2181

# * my-zk-1:2181,my-zk-2:2181,my-zk-3:2181 (will default to ZooKeeper when the schema is not specified)

# * zk:my-zk-1:2181,my-zk-2:2181,my-zk-3:2181/my-chroot-path (to add a ZK chroot path)

metadataStoreUrl=

# Configuration file path for metadata store. It's supported by RocksdbMetadataStore and EtcdMetadataStore for now

metadataStoreConfigPath=

# The metadata store URL for the configuration data. If empty, we fall back to use metadataStoreUrl

configurationMetadataStoreUrl=

brokerServicePort=6650

# Port to use to server HTTP request

webServicePort=8080

# Hostname or IP address the service binds on, default is 0.0.0.0.

bindAddress=0.0.0.0

# Extra bind addresses for the service: <listener_name>:<scheme>://<host>:<port>,[...]

bindAddresses=

# Hostname or IP address the service advertises to the outside world.

# If not set, the value of InetAddress.getLocalHost().getCanonicalHostName() is used.

advertisedAddress=

# Enable or disable the HAProxy protocol.

# If true, the real IP addresses of consumers and producers can be obtained when getting topic statistics data.

haProxyProtocolEnabled=false

# Enable or disable the use of HA proxy protocol for resolving the client IP for http/https requests.

webServiceHaProxyProtocolEnabled=false

# Trust X-Forwarded-For header for resolving the client IP for http/https requests. Default is false.

webServiceTrustXForwardedFor=false

# Add detailed client/remote and server/local addresses and ports to http/https request logging.

# Defaults to true when either webServiceHaProxyProtocolEnabled or webServiceTrustXForwardedFor is enabled.

webServiceLogDetailedAddresses=

# Number of threads to use for Netty IO. Default is set to 2 * Runtime.getRuntime().availableProcessors()

numIOThreads=

# Number of threads to use for ordered executor. The ordered executor is used to operate with zookeeper,

# such as init zookeeper client, get namespace policies from zookeeper etc. It also used to split bundle. Default is 8

numOrderedExecutorThreads=8

# Number of threads to use for HTTP requests processing. Default is set to 2 * Runtime.getRuntime().availableProcessors()

numHttpServerThreads=

# Number of thread pool size to use for pulsar broker service.

# The executor in thread pool will do basic broker operation like load/unload bundle, update managedLedgerConfig,

# update topic/subscription/replicator message dispatch rate, do leader election etc.

# Default is Runtime.getRuntime().availableProcessors()

numExecutorThreadPoolSize=

# Number of thread pool size to use for pulsar zookeeper callback service

# The cache executor thread pool is used for restarting global zookeeper session.

# Default is 10

numCacheExecutorThreadPoolSize=10

# Max concurrent web requests

maxConcurrentHttpRequests=1024

# Name of the cluster to which this broker belongs to

clusterName=standalone

# Enable cluster's failure-domain which can distribute brokers into logical region

failureDomainsEnabled=false

# Metadata store session timeout in milliseconds

metadataStoreSessionTimeoutMillis=30000

# Metadata store operation timeout in seconds

metadataStoreOperationTimeoutSeconds=30

# Metadata store cache expiry time in seconds

metadataStoreCacheExpirySeconds=300

# Time to wait for broker graceful shutdown. After this time elapses, the process will be killed

brokerShutdownTimeoutMs=60000

# Flag to skip broker shutdown when broker handles Out of memory error

skipBrokerShutdownOnOOM=false

# Enable backlog quota check. Enforces action on topic when the quota is reached

backlogQuotaCheckEnabled=true

# How often to check for topics that have reached the quota

backlogQuotaCheckIntervalInSeconds=60

# Default per-topic backlog quota limit

backlogQuotaDefaultLimitGB=10

# Default per-topic backlog quota time limit in second, less than 0 means no limitation. default is -1.

backlogQuotaDefaultLimitSecond=-1

# Default ttl for namespaces if ttl is not already configured at namespace policies. (disable default-ttl with value 0)

ttlDurationDefaultInSeconds=0

# Additional system subscriptions that will be ignored by ttl check. The cursor names are comma separated.

# Default is empty.

# additionalSystemCursorNames=

# Enable the deletion of inactive topics. This parameter need to cooperate with the allowAutoTopicCreation parameter.

# If brokerDeleteInactiveTopicsEnabled is set to true, we should ensure that allowAutoTopicCreation is also set to true.

brokerDeleteInactiveTopicsEnabled=true

# How often to check for inactive topics

brokerDeleteInactiveTopicsFrequencySeconds=60

# Allow you to delete a tenant forcefully.

forceDeleteTenantAllowed=false

# Allow you to delete a namespace forcefully.

forceDeleteNamespaceAllowed=false

# Max pending publish requests per connection to avoid keeping large number of pending

# requests in memory. Default: 1000

maxPendingPublishRequestsPerConnection=1000

# How frequently to proactively check and purge expired messages

messageExpiryCheckIntervalInMinutes=5

# How long to delay rewinding cursor and dispatching messages when active consumer is changed

activeConsumerFailoverDelayTimeMillis=1000

# Enable consistent hashing for selecting the active consumer in partitioned topics with Failover subscription type.

# For non-partitioned topics, consistent hashing is used by default.

activeConsumerFailoverConsistentHashing=false

# How long to delete inactive subscriptions from last consuming

# When it is 0, inactive subscriptions are not deleted automatically

subscriptionExpirationTimeMinutes=0

# Enable subscription message redelivery tracker to send redelivery count to consumer (default is enabled)

subscriptionRedeliveryTrackerEnabled=true

# On KeyShared subscriptions, with default AUTO_SPLIT mode, use splitting ranges or

# consistent hashing to reassign keys to new consumers

subscriptionKeySharedUseConsistentHashing=true

# On KeyShared subscriptions, number of points in the consistent-hashing ring.

# The higher the number, the more equal the assignment of keys to consumers

subscriptionKeySharedConsistentHashingReplicaPoints=100

# How frequently to proactively check and purge expired subscription

subscriptionExpiryCheckIntervalInMinutes=5

# Set the default behavior for message deduplication in the broker

# This can be overridden per-namespace. If enabled, broker will reject

# messages that were already stored in the topic

brokerDeduplicationEnabled=false

# Maximum number of producer information that it's going to be

# persisted for deduplication purposes

brokerDeduplicationMaxNumberOfProducers=10000

# Number of entries after which a dedup info snapshot is taken.

# A bigger interval will lead to less snapshots being taken though it would

# increase the topic recovery time, when the entries published after the

# snapshot need to be replayed

brokerDeduplicationEntriesInterval=1000

# Time of inactivity after which the broker will discard the deduplication information

# relative to a disconnected producer. Default is 6 hours.

brokerDeduplicationProducerInactivityTimeoutMinutes=360

# When a namespace is created without specifying the number of bundle, this

# value will be used as the default

defaultNumberOfNamespaceBundles=4

# Max number of topics allowed to be created in the namespace. When the topics reach the max topics of the namespace,

# the broker should reject the new topic request(include topic auto-created by the producer or consumer)

# until the number of connected consumers decrease.

# Using a value of 0, is disabling maxTopicsPerNamespace-limit check.

maxTopicsPerNamespace=0

# Allow schema to be auto updated at broker level. User can override this by

# 'is_allow_auto_update_schema' of namespace policy.

isAllowAutoUpdateSchemaEnabled=true

# Enable check for minimum allowed client library version

clientLibraryVersionCheckEnabled=false

# Path for the file used to determine the rotation status for the broker when responding

# to service discovery health checks

statusFilePath=/usr/local/apache/htdocs

# Max number of unacknowledged messages allowed to receive messages by a consumer on a shared subscription. Broker will stop sending

# messages to consumer once, this limit reaches until consumer starts acknowledging messages back

# Using a value of 0, is disabling unackeMessage limit check and consumer can receive messages without any restriction

maxUnackedMessagesPerConsumer=50000

# Max number of unacknowledged messages allowed per shared subscription. Broker will stop dispatching messages to

# all consumers of the subscription once this limit reaches until consumer starts acknowledging messages back and

# unack count reaches to limit/2. Using a value of 0, is disabling unackedMessage-limit

# check and dispatcher can dispatch messages without any restriction

maxUnackedMessagesPerSubscription=200000

# Max number of unacknowledged messages allowed per broker. Once this limit reaches, broker will stop dispatching

# messages to all shared subscription which has higher number of unack messages until subscriptions start

# acknowledging messages back and unack count reaches to limit/2. Using a value of 0, is disabling

# unackedMessage-limit check and broker doesn't block dispatchers

maxUnackedMessagesPerBroker=0

# Once broker reaches maxUnackedMessagesPerBroker limit, it blocks subscriptions which has higher unacked messages

# than this percentage limit and subscription will not receive any new messages until that subscription acks back

# limit/2 messages

maxUnackedMessagesPerSubscriptionOnBrokerBlocked=0.16

# For Key_Shared subscriptions, if messages cannot be dispatched to consumers due to a slow consumer

# or a blocked key hash (because of ordering constraints), the broker will continue reading more

# messages from the backlog and attempt to dispatch them to consumers until the number of replay

# messages reaches the calculated threshold.

# Formula: threshold = min(keySharedLookAheadMsgInReplayThresholdPerConsumer *

# connected consumer count, keySharedLookAheadMsgInReplayThresholdPerSubscription).

# Setting this value to 0 will disable the limit calculated per consumer.

keySharedLookAheadMsgInReplayThresholdPerConsumer=2000

# For Key_Shared subscriptions, if messages cannot be dispatched to consumers due to a slow consumer

# or a blocked key hash (because of ordering constraints), the broker will continue reading more

# messages from the backlog and attempt to dispatch them to consumers until the number of replay

# messages reaches the calculated threshold.

# Formula: threshold = min(keySharedLookAheadMsgInReplayThresholdPerConsumer *

# connected consumer count, keySharedLookAheadMsgInReplayThresholdPerSubscription).

# This value should be set to a value less than 2 * managedLedgerMaxUnackedRangesToPersist.

# Setting this value to 0 will disable the limit calculated per subscription.

keySharedLookAheadMsgInReplayThresholdPerSubscription=20000

# Tick time to schedule task that checks topic publish rate limiting across all topics

# Reducing to lower value can give more accuracy while throttling publish but

# it uses more CPU to perform frequent check. (Disable publish throttling with value 0)

topicPublisherThrottlingTickTimeMillis=2

# Tick time to schedule task that checks broker publish rate limiting across all topics

# Reducing to lower value can give more accuracy while throttling publish but

# it uses more CPU to perform frequent check. (Disable publish throttling with value 0)

brokerPublisherThrottlingTickTimeMillis=50

# Max Rate(in 1 seconds) of Message allowed to publish for a broker if broker publish rate limiting enabled

# (Disable message rate limit with value 0)

brokerPublisherThrottlingMaxMessageRate=0

# Max Rate(in 1 seconds) of Byte allowed to publish for a broker if broker publish rate limiting enabled

# (Disable byte rate limit with value 0)

brokerPublisherThrottlingMaxByteRate=0

# The class name of the factory that creates DispatchRateLimiter implementations. Current options are

# org.apache.pulsar.broker.service.persistent.DispatchRateLimiterFactoryAsyncTokenBucket (default, PIP-322 implementation)

# and org.apache.pulsar.broker.service.persistent.DispatchRateLimiterFactoryClassic (legacy implementation)

dispatchRateLimiterFactoryClassName=org.apache.pulsar.broker.service.persistent.DispatchRateLimiterFactoryAsyncTokenBucket

# Default messages per second dispatch throttling-limit for every topic. Using a value of 0, is disabling default

# message dispatch-throttling

dispatchThrottlingRatePerTopicInMsg=0

# Default bytes per second dispatch throttling-limit for every topic. Using a value of 0, is disabling

# default message-byte dispatch-throttling

dispatchThrottlingRatePerTopicInByte=0

# Apply dispatch rate limiting on batch message instead individual

# messages with in batch message. (Default is disabled)

dispatchThrottlingOnBatchMessageEnabled=false

# Dispatch rate-limiting relative to publish rate.

# (Enabling flag will make broker to dynamically update dispatch-rate relatively to publish-rate:

# throttle-dispatch-rate = (publish-rate + configured dispatch-rate).

dispatchThrottlingRateRelativeToPublishRate=false

# By default we enable dispatch-throttling for both caught up consumers as well as consumers who have

# backlog.

dispatchThrottlingOnNonBacklogConsumerEnabled=true

# The read failure backoff initial time in milliseconds. By default it is 15s.

dispatcherReadFailureBackoffInitialTimeInMs=15000

# The read failure backoff max time in milliseconds. By default it is 60s.

dispatcherReadFailureBackoffMaxTimeInMs=60000

# The read failure backoff mandatory stop time in milliseconds. By default it is 0s.

dispatcherReadFailureBackoffMandatoryStopTimeInMs=0

# On Shared and KeyShared subscriptions, if all available messages in the subscription are filtered

# out and not dispatched to any consumer, message dispatching will be rescheduled with a backoff

# delay. This parameter sets the initial backoff delay in milliseconds.

dispatcherRetryBackoffInitialTimeInMs=1

# On Shared and KeyShared subscriptions, if all available messages in the subscription are filtered

# out and not dispatched to any consumer, message dispatching will be rescheduled with a backoff

# delay. This parameter sets the maximum backoff delay in milliseconds.

dispatcherRetryBackoffMaxTimeInMs=10

# Precise dispatcher flow control according to history message number of each entry

preciseDispatcherFlowControl=false

# Max number of concurrent lookup request broker allows to throttle heavy incoming lookup traffic

maxConcurrentLookupRequest=50000

# Maximum heap memory for inflight topic list operations (MB).

# Default: 100 MB (supports ~1M topic names assuming 100 bytes each)

maxTopicListInFlightHeapMemSizeMB=100

# Maximum direct memory for inflight topic list responses (MB).

# Default: 100 MB (network buffers for serialized responses)

maxTopicListInFlightDirectMemSizeMB=100

# Timeout for acquiring heap memory permits (milliseconds).

# Default: 25000 (25 seconds)

maxTopicListInFlightHeapMemSizePermitsAcquireTimeoutMillis=25000

# Maximum queue size for heap memory permit requests.

# Default: 10000 (prevent unbounded queueing)

maxTopicListInFlightHeapMemSizePermitsAcquireQueueSize=10000

# Timeout for acquiring direct memory permits (milliseconds).

# Default: 25000 (25 seconds)

maxTopicListInFlightDirectMemSizePermitsAcquireTimeoutMillis=25000

# Maximum queue size for direct memory permit requests.

# Default: 10000 (prevent unbounded queueing)

maxTopicListInFlightDirectMemSizePermitsAcquireQueueSize=10000

# Max number of concurrent topic loading request broker allows to control number of zk-operations

maxConcurrentTopicLoadRequest=5000

# Max concurrent non-persistent message can be processed per connection

maxConcurrentNonPersistentMessagePerConnection=1000

# Number of worker threads to serve topic ordered executor

topicOrderedExecutorThreadNum=8

# Enable broker to load persistent topics

enablePersistentTopics=true

# Enable broker to load non-persistent topics

enableNonPersistentTopics=true

# Max number of producers allowed to connect to topic. Once this limit reaches, Broker will reject new producers

# until the number of connected producers decrease.

# Using a value of 0, is disabling maxProducersPerTopic-limit check.

maxProducersPerTopic=0

# Max number of producers with the same IP address allowed to connect to topic.

# Once this limit reaches, Broker will reject new producers until the number of

# connected producers with the same IP address decrease.

# Using a value of 0, is disabling maxSameAddressProducersPerTopic-limit check.

maxSameAddressProducersPerTopic=0

# Enforce producer to publish encrypted messages.(default disable).

encryptionRequireOnProducer=false

# Max number of consumers allowed to connect to topic. Once this limit reaches, Broker will reject new consumers

# until the number of connected consumers decrease.

# Using a value of 0, is disabling maxConsumersPerTopic-limit check.

maxConsumersPerTopic=0

# Max number of consumers with the same IP address allowed to connect to topic.

# Once this limit reaches, Broker will reject new consumers until the number of

# connected consumers with the same IP address decrease.

# Using a value of 0, is disabling maxSameAddressConsumersPerTopic-limit check.

maxSameAddressConsumersPerTopic=0

# Max number of subscriptions allowed to subscribe to topic. Once this limit reaches, broker will reject

# new subscription until the number of subscribed subscriptions decrease.

# Using a value of 0, is disabling maxSubscriptionsPerTopic limit check.

maxSubscriptionsPerTopic=0

# Max number of consumers allowed to connect to subscription. Once this limit reaches, Broker will reject new consumers

# until the number of connected consumers decrease.

# Using a value of 0, is disabling maxConsumersPerSubscription-limit check.

maxConsumersPerSubscription=0

# Max number of partitions per partitioned topic

# Use 0 or negative number to disable the check

maxNumPartitionsPerPartitionedTopic=0

# Enable the evaluation of subscription patterns on the broker.

# if true the broker only sends the list of matching topics to the clients.

enableBrokerSideSubscriptionPatternEvaluation=true

# The maximum length of patterns that a broker evaluates.

# Longer patterns are rejected to avoid patterns that are crafted to overload the broker.

subscriptionPatternMaxLength=50

# The regular expression implementation to use for topic pattern matching.

# RE2J_WITH_JDK_FALLBACK is the default. It uses the RE2J implementation and falls back to

# the JDK implementation for backwards compatibility reasons when the pattern compilation fails

# with the RE2/j library.

# RE2J is more performant but does not support all regex features (e.g. negative lookaheads).

# JDK uses the standard Java regex implementation which supports all features but can be slower.

# Bad or malicious regex patterns requiring extensive backtracing could cause high resource usage

# with RE2J_WITH_JDK_FALLBACK or JDK implementations.

topicsPatternRegexImplementation=RE2J_WITH_JDK_FALLBACK

### --- Metadata Store --- ###

# Whether we should enable metadata operations batching

metadataStoreBatchingEnabled=true

# Maximum delay to impose on batching grouping

metadataStoreBatchingMaxDelayMillis=5

# Maximum number of operations to include in a singular batch

metadataStoreBatchingMaxOperations=1000

# Maximum size of a batch

metadataStoreBatchingMaxSizeKb=128

# The number of threads used for serializing and deserializing data to and from the metadata store

metadataStoreSerDesThreads=1

### --- TLS --- ###

# Deprecated - Use webServicePortTls and brokerServicePortTls instead

tlsEnabled=false

# Tls cert refresh duration in seconds (set 0 to check on every new connection)

tlsCertRefreshCheckDurationSec=300

# Path for the TLS certificate file

tlsCertificateFilePath=

# Path for the TLS private key file

tlsKeyFilePath=

# Path for the trusted TLS certificate file.

# This cert is used to verify that any certs presented by connecting clients

# are signed by a certificate authority. If this verification

# fails, then the certs are untrusted and the connections are dropped.

tlsTrustCertsFilePath=

# Accept untrusted TLS certificate from client.

# If true, a client with a cert which cannot be verified with the

# 'tlsTrustCertsFilePath' cert will allowed to connect to the server,

# though the cert will not be used for client authentication.

tlsAllowInsecureConnection=false

# Specify the tls protocols the broker will use to negotiate during TLS handshake

# (a comma-separated list of protocol names).

# Examples:

# tlsProtocols=TLSv1.3,TLSv1.2

tlsProtocols=

# Specify the tls cipher the broker will use to negotiate during TLS Handshake

# (a comma-separated list of ciphers).

# Examples:

# tlsCiphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

tlsCiphers=

# Trusted client certificates are required for to connect TLS

# Reject the Connection if the Client Certificate is not trusted.

# In effect, this requires that all connecting clients perform TLS client

# authentication.

tlsRequireTrustedClientCertOnConnect=false

# Specify the TLS provider for the broker service:

# When using TLS authentication with CACert, the valid value is either OPENSSL or JDK.

# When using TLS authentication with KeyStore, available values can be SunJSSE, Conscrypt and etc.

tlsProvider=

# Specify the TLS provider for the web service: SunJSSE, Conscrypt and etc.

webServiceTlsProvider=Conscrypt

### --- KeyStore TLS config variables --- ###

# Enable TLS with KeyStore type configuration in broker.

tlsEnabledWithKeyStore=false

# TLS KeyStore type configuration in broker: JKS, PKCS12

tlsKeyStoreType=JKS

# TLS KeyStore path in broker

tlsKeyStore=

# TLS KeyStore password for broker

tlsKeyStorePassword=

# TLS TrustStore type configuration in broker: JKS, PKCS12

tlsTrustStoreType=JKS

# TLS TrustStore path in broker

tlsTrustStore=

# TLS TrustStore password for broker

tlsTrustStorePassword=

# Whether internal client uses TLS to connection the broker

brokerClientTlsEnabled=false

# Whether internal client use KeyStore type to authenticate with Pulsar brokers

brokerClientTlsEnabledWithKeyStore=false

# The TLS Provider used by internal client to authenticate with other Pulsar brokers

brokerClientSslProvider=

# TLS trusted certificate file for internal client,

# used by the internal client to authenticate with Pulsar brokers

brokerClientTrustCertsFilePath=

# TLS private key file for internal client,

# used by the internal client to authenticate with Pulsar brokers

brokerClientKeyFilePath=

# TLS certificate file for internal client,

# used by the internal client to authenticate with Pulsar brokers

brokerClientCertificateFilePath=

# TLS KeyStore type configuration for internal client: JKS, PKCS12

# used by the internal client to authenticate with Pulsar brokers

brokerClientTlsKeyStoreType=JKS

# TLS KeyStore path for internal client

# used by the internal client to authenticate with Pulsar brokers

brokerClientTlsKeyStore=

# TLS KeyStore password for internal client,

# used by the internal client to authenticate with Pulsar brokers

brokerClientTlsKeyStorePassword=

# TLS TrustStore type configuration for internal client: JKS, PKCS12

# used by the internal client to authenticate with Pulsar brokers

brokerClientTlsTrustStoreType=JKS

# TLS TrustStore path for internal client

# used by the internal client to authenticate with Pulsar brokers

brokerClientTlsTrustStore=

# TLS TrustStore password for internal client,

# used by the internal client to authenticate with Pulsar brokers

brokerClientTlsTrustStorePassword=

# Specify the tls cipher the internal client will use to negotiate during TLS Handshake

# (a comma-separated list of ciphers)

# used by the internal client to authenticate with Pulsar brokers

# Examples:

# brokerClientTlsCiphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

brokerClientTlsCiphers=

# Specify the tls protocols the broker will use to negotiate during TLS handshake

# (a comma-separated list of protocol names).

# used by the internal client to authenticate with Pulsar brokers

# Examples:

# brokerClientTlsProtocols=TLSv1.3,TLSv1.2

brokerClientTlsProtocols=

# Enable or disable system topic

systemTopicEnabled=true

# Deploy the schema compatibility checker for a specific schema type to enforce schema compatibility check

schemaRegistryCompatibilityCheckers=org.apache.pulsar.broker.service.schema.JsonSchemaCompatibilityCheck,org.apache.pulsar.broker.service.schema.AvroSchemaCompatibilityCheck,org.apache.pulsar.broker.service.schema.ProtobufNativeSchemaCompatibilityCheck,org.apache.pulsar.broker.service.schema.ExternalSchemaCompatibilityCheck

# The schema compatibility strategy is used for system topics.

# Available values: ALWAYS_INCOMPATIBLE, ALWAYS_COMPATIBLE, BACKWARD, FORWARD, FULL, BACKWARD_TRANSITIVE, FORWARD_TRANSITIVE, FULL_TRANSITIVE

systemTopicSchemaCompatibilityStrategy=ALWAYS_COMPATIBLE

# Enable or disable topic level policies, topic level policies depends on the system topic

# Please enable the system topic first.

topicLevelPoliciesEnabled=true

# If a topic remains fenced for this number of seconds, it will be closed forcefully.

# If it is set to 0 or a negative number, the fenced topic will not be closed.

topicFencingTimeoutSeconds=0

### --- Authentication --- ###

# Role names that are treated as "proxy roles". If the broker sees a request with

#role as proxyRoles - it will demand to see a valid original principal.

proxyRoles=

# If this flag is set then the broker authenticates the original Auth data

# else it just accepts the originalPrincipal and authorizes it (if required).

authenticateOriginalAuthData=false

# Enable authentication

authenticationEnabled=false

# Enable authentication role anonymizer, can be REDACTED, hash:SHA256, hash:MD5, default is NONE

authenticationRoleLoggingAnonymizer=NONE

# Authentication provider name list, which is comma separated list of class names

authenticationProviders=

# Enforce authorization

authorizationEnabled=false

# Authorization provider fully qualified class-name

authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider

# Allow wildcard matching in authorization

# (wildcard matching only applicable if wildcard-char:

# * presents at first or last position eg: *.pulsar.service, pulsar.service.*)

authorizationAllowWildcardsMatching=false

# Role names that are treated as "super-user", meaning they will be able to do all admin

# operations and publish/consume from all topics

superUserRoles=

# Authentication settings of the broker itself. Used when the broker connects to other brokers,

# either in same or other clusters

brokerClientAuthenticationPlugin=

brokerClientAuthenticationParameters=

# Supported Athenz provider domain names(comma separated) for authentication

athenzDomainNames=

# When this parameter is not empty, unauthenticated users perform as anonymousUserRole

anonymousUserRole=

## Configure the datasource of basic authenticate, supports the file and Base64 format.

# file:

# basicAuthConf=/path/my/.htpasswd

# use Base64 to encode the contents of .htpasswd:

# basicAuthConf=YOUR-BASE64-DATA

basicAuthConf=

### --- Token Authentication Provider --- ###

## Symmetric key

# Configure the secret key to be used to validate auth tokens

# The key can be specified like:

# tokenSecretKey=data:;base64,xxxxxxxxx

# tokenSecretKey=file:///my/secret.key ( Note: key file must be DER-encoded )

tokenSecretKey=

## Asymmetric public/private key pair

# Configure the public key to be used to validate auth tokens

# The key can be specified like:

# tokenPublicKey=data:;base64,xxxxxxxxx

# tokenPublicKey=file:///my/public.key ( Note: key file must be DER-encoded )

tokenPublicKey=

# The token "claim" that will be interpreted as the authentication "role" or "principal" by AuthenticationProviderToken (defaults to "sub" if blank)

tokenAuthClaim=

# The token audience "claim" name, e.g. "aud", that will be used to get the audience from token.

# If not set, audience will not be verified.

tokenAudienceClaim=

# The token audience stands for this broker. The field `tokenAudienceClaim` of a valid token, need contains this.

tokenAudience=

### --- BookKeeper Client --- ###

# Authentication plugin to use when connecting to bookies

bookkeeperClientAuthenticationPlugin=

# BookKeeper auth plugin implementation specifics parameters name and values

bookkeeperClientAuthenticationParametersName=

bookkeeperClientAuthenticationParameters=

# Timeout for BK add / read operations

bookkeeperClientTimeoutInSeconds=30

# Number of BookKeeper client worker threads

# Default is Runtime.getRuntime().availableProcessors()

bookkeeperClientNumWorkerThreads=

# Number of BookKeeper client IO threads

# Default is Runtime.getRuntime().availableProcessors() * 2

bookkeeperClientNumIoThreads=

# Use separated IO threads for BookKeeper client

# Default is false, which will use Pulsar IO threads

bookkeeperClientSeparatedIoThreadsEnabled=false

# Speculative reads are initiated if a read request doesn't complete within a certain time

# Using a value of 0, is disabling the speculative reads

bookkeeperClientSpeculativeReadTimeoutInMillis=0

# Number of channels per bookie

bookkeeperNumberOfChannelsPerBookie=16

# Enable bookies health check. Bookies that have more than the configured number of failure within

# the interval will be quarantined for some time. During this period, new ledgers won't be created

# on these bookies

bookkeeperClientHealthCheckEnabled=true

bookkeeperClientHealthCheckIntervalSeconds=60

bookkeeperClientHealthCheckErrorThresholdPerInterval=5

bookkeeperClientHealthCheckQuarantineTimeInSeconds=1800

#bookie quarantine ratio to avoid all clients quarantine the high pressure bookie servers at the same time

bookkeeperClientQuarantineRatio=1.0

# Enable rack-aware bookie selection policy. BK will chose bookies from different racks when

# forming a new bookie ensemble

# This parameter related to ensemblePlacementPolicy in conf/bookkeeper.conf, if enabled, ensemblePlacementPolicy

# should be set to org.apache.bookkeeper.client.RackawareEnsemblePlacementPolicy

bookkeeperClientRackawarePolicyEnabled=true

# Enable region-aware bookie selection policy. BK will chose bookies from

# different regions and racks when forming a new bookie ensemble.

# If enabled, the value of bookkeeperClientRackawarePolicyEnabled is ignored

# This parameter related to ensemblePlacementPolicy in conf/bookkeeper.conf, if enabled, ensemblePlacementPolicy

# should be set to org.apache.bookkeeper.client.RegionAwareEnsemblePlacementPolicy

bookkeeperClientRegionawarePolicyEnabled=false

# Minimum number of racks per write quorum. BK rack-aware bookie selection policy will try to

# get bookies from at least 'bookkeeperClientMinNumRacksPerWriteQuorum' racks for a write quorum.

bookkeeperClientMinNumRacksPerWriteQuorum=1

# Enforces rack-aware bookie selection policy to pick bookies from 'bookkeeperClientMinNumRacksPerWriteQuorum'

# racks for a writeQuorum.

# If BK can't find bookie then it would throw BKNotEnoughBookiesException instead of picking random one.

bookkeeperClientEnforceMinNumRacksPerWriteQuorum=false

# Enable/disable reordering read sequence on reading entries.

bookkeeperClientReorderReadSequenceEnabled=false

# Enable bookie isolation by specifying a list of bookie groups to choose from. Any bookie

# outside the specified groups will not be used by the broker

bookkeeperClientIsolationGroups=

# Enable bookie secondary-isolation group if bookkeeperClientIsolationGroups doesn't

# have enough bookie available.

bookkeeperClientSecondaryIsolationGroups=

# Minimum bookies that should be available as part of bookkeeperClientIsolationGroups

# else broker will include bookkeeperClientSecondaryIsolationGroups bookies in isolated list.

bookkeeperClientMinAvailableBookiesInIsolationGroups=

# Set the client security provider factory class name.

# Default: org.apache.bookkeeper.tls.TLSContextFactory

bookkeeperTLSProviderFactoryClass=org.apache.bookkeeper.tls.TLSContextFactory

# Enable tls authentication with bookie

bookkeeperTLSClientAuthentication=false

# Supported type: PEM, JKS, PKCS12. Default value: PEM

bookkeeperTLSKeyFileType=PEM

#Supported type: PEM, JKS, PKCS12. Default value: PEM

bookkeeperTLSTrustCertTypes=PEM

# Path to file containing keystore password, if the client keystore is password protected.

bookkeeperTLSKeyStorePasswordPath=

# Path to file containing truststore password, if the client truststore is password protected.

bookkeeperTLSTrustStorePasswordPath=

# Path for the TLS private key file

bookkeeperTLSKeyFilePath=

# Path for the TLS certificate file

bookkeeperTLSCertificateFilePath=

# Path for the trusted TLS certificate file

bookkeeperTLSTrustCertsFilePath=

# Enable/disable disk weight based placement. Default is false

bookkeeperDiskWeightBasedPlacementEnabled=false

# Set the interval to check the need for sending an explicit LAC

# A value of '0' disables sending any explicit LACs. Default is 0.

bookkeeperExplicitLacIntervalInMills=0

# Use older Bookkeeper wire protocol with bookie

bookkeeperUseV2WireProtocol=true

# Expose bookkeeper client managed ledger stats to prometheus. default is false

# bookkeeperClientExposeStatsToPrometheus=false

# If bookkeeperClientExposeStatsToPrometheus is set to true, we can set bookkeeperClientLimitStatsLogging=true

# to limit per_channel_bookie_client metrics. default is true

# bookkeeperClientLimitStatsLogging=true

### --- Managed Ledger --- ###

# Number of bookies to use when creating a ledger

managedLedgerDefaultEnsembleSize=1

# Number of copies to store for each message

managedLedgerDefaultWriteQuorum=1

# Number of guaranteed copies (acks to wait before write is complete)

managedLedgerDefaultAckQuorum=1

# How frequently to flush the cursor positions that were accumulated due to rate limiting. (seconds).

# Default is 60 seconds

managedLedgerCursorPositionFlushSeconds=60

# Default type of checksum to use when writing to BookKeeper. Default is "CRC32C"

# Other possible options are "CRC32", "MAC" or "DUMMY" (no checksum).

managedLedgerDigestType=CRC32C

# Number of threads to be used for managed ledger scheduled tasks

managedLedgerNumSchedulerThreads=4

# Amount of memory to use for caching data payload in managed ledger. This memory

# is allocated from JVM direct memory and it's shared across all the topics

# running in the same broker. By default, uses 1/5th of available direct memory

managedLedgerCacheSizeMB=

# Evicting cache data by the slowest markDeletedPosition (true) or slowest read position (false).

# This setting is ignored when cacheEvictionByExpectedReadCount is true."

cacheEvictionByMarkDeletedPosition=false

# Evicting cache data by expected read count. Expected read count is calculated by the number of

# active cursors with a read position that is behind the position of the cached entry.

# This setting will override the cacheEvictionByMarkDeletedPosition setting.

cacheEvictionByExpectedReadCount=true

# Whether we should make a copy of the entry payloads when inserting in cache

managedLedgerCacheCopyEntries=false

# Threshold to which bring down the cache level when eviction is triggered

managedLedgerCacheEvictionWatermark=0.9

# Configure the cache eviction frequency for the managed ledger cache (evictions/sec)

managedLedgerCacheEvictionFrequency=100.0

# Controls time-to-live (TTL) for entries in the managed ledger (broker) cache.

# The TTL can be extended in two ways:

# 1. When cacheEvictionByExpectedReadCount is enabled: TTL is extended for entries with remaining

# expected reads. The maximum number of extensions is controlled by

# managedLedgerCacheEvictionExtendTTLOfEntriesWithRemainingExpectedReadsMaxTimes.

# 2. When cacheEvictionExtendTTLOfRecentlyAccessed is enabled: TTL is extended for entries

# accessed since the last expiration check.

# Default value is 1000ms.

managedLedgerCacheEvictionTimeThresholdMillis=1000

# Maximum number of times the cache can extend the TTL of an entry that has remaining expected reads.

# Only takes effect when cacheEvictionByExpectedReadCount is enabled.

# This helps optimize cache efficiency for scenarios like:

# - Key_Shared subscription replays

# - Catch-up reads for lagging consumers

# - Consumers temporarily falling behind the tail

# Entries with remaining expected reads will have their TTL extended up to this many times

# before being eligible for eviction. The TTL will be extended by

# managedLedgerCacheEvictionTimeThresholdMillis each time.

# Default is 5.

managedLedgerCacheEvictionExtendTTLOfEntriesWithRemainingExpectedReadsMaxTimes=5

# Controls whether recently accessed entries in the managed ledger cache should have their

# lifetime extended before cache eviction.

# When enabled:

# - During eviction check, if an entry has been accessed since the last check, its expiration

# time will be extended by managedLedgerCacheEvictionTimeThresholdMillis

# - Makes the cache behave like a Least Recently Used (LRU) cache by keeping frequently

# accessed entries longer

# - Helps optimize performance for frequently accessed entries while still allowing old unused

# entries to be evicted

# - Minimum eviction time is 2x managedLedgerCacheEvictionTimeThresholdMillis

# When disabled:

# - Cache behaves more like a FIFO queue with time-based and size-based eviction

# - Minimum eviction time is managedLedgerCacheEvictionTimeThresholdMillis

# Default is true, to behave like a LRU cache.

managedLedgerCacheEvictionExtendTTLOfRecentlyAccessed=true

# This setting configures the duration of continuing to cache added entries while there are no

# active cursors, when the last active cursor has left or immediately after initialization when

# the persistent topic and the managed ledger gets loaded.

# This setting is ignored unless cacheEvictionByExpectedReadCount is enabled.

# The default value is 2 * managedLedgerCacheEvictionTimeThresholdMillis.

managedLedgerContinueCachingAddedEntriesAfterLastActiveCursorLeavesMillis=

# Configure the threshold (in number of entries) from where a cursor should be considered 'backlogged'

# and thus should be set as inactive.

# This has no effect when cacheEvictionByExpectedReadCount is enabled.

managedLedgerCursorBackloggedThreshold=1000

# Minimum cursors that must be in backlog state to cache and reuse the read entries.

# (Default =0 to disable backlog reach cache)

# This has no effect when cacheEvictionByExpectedReadCount is enabled.

managedLedgerMinimumBacklogCursorsForCaching=0

# Minimum backlog entries for any cursor before start caching reads.

# This has no effect when cacheEvictionByExpectedReadCount is enabled.

managedLedgerMinimumBacklogEntriesForCaching=1000

# Maximum backlog entry difference to prevent caching entries that can't be reused.

# This has no effect when cacheEvictionByExpectedReadCount is enabled.

managedLedgerMaxBacklogBetweenCursorsForCaching=1000

# Rate limit the amount of writes generated by consumer acking the messages

managedLedgerDefaultMarkDeleteRateLimit=0.1

# Max number of entries to append to a ledger before triggering a rollover

# A ledger rollover is triggered after the min rollover time has passed

# and one of the following conditions is true:

# * The max rollover time has been reached

# * The max entries have been written to the ledger

# * The max ledger size has been written to the ledger

managedLedgerMaxEntriesPerLedger=50000

# Minimum time between ledger rollover for a topic

managedLedgerMinLedgerRolloverTimeMinutes=10

# Maximum time before forcing a ledger rollover for a topic

managedLedgerMaxLedgerRolloverTimeMinutes=240

# Max number of entries to append to a cursor ledger

managedLedgerCursorMaxEntriesPerLedger=50000

# Max time before triggering a rollover on a cursor ledger

managedLedgerCursorRolloverTimeInSeconds=14400

# Maximum ledger size before triggering a rollover for a topic (MB)

managedLedgerMaxSizePerLedgerMbytes=2048

# Max number of "acknowledgment holes" that are going to be persistently stored.

# When acknowledging out of order, a consumer will leave holes that are supposed

# to be quickly filled by acking all the messages. The information of which

# messages are acknowledged is persisted by compressing in "ranges" of messages

# that were acknowledged. After the max number of ranges is reached, the information

# will only be tracked in memory and messages will be redelivered in case of

# crashes.

managedLedgerMaxUnackedRangesToPersist=10000

# Maximum number of partially acknowledged batch messages per subscription that will have their batch

# deleted indexes persisted. Batch deleted index state is handled when acknowledgmentAtBatchIndexLevelEnabled=true.

# When this limit is exceeded, remaining batch message containing the batch deleted indexes will

# only be tracked in memory. In case of broker restarts or load balancing events, the batch

# deleted indexes will be cleared while redelivering the messages to consumers.

managedLedgerMaxBatchDeletedIndexToPersist=10000

# When storing acknowledgement state, choose a more compact serialization format that stores

# individual acknowledgements as a bitmap which is serialized to an array of long values. NOTE: This setting requires

# managedLedgerUnackedRangesOpenCacheSetEnabled=true to be effective.

managedLedgerPersistIndividualAckAsLongArray=true

# When set to true, a BitSet will be used to track acknowledged messages that come after the "mark delete position"

# for each subscription. RoaringBitmap is used as a memory efficient BitSet implementation for the acknowledged

# messages tracking. Unacknowledged ranges are the message ranges excluding the acknowledged messages.

managedLedgerUnackedRangesOpenCacheSetEnabled=true

# Max number of "acknowledgment holes" that can be stored in MetadataStore. If number of unack message range is higher

# than this limit then broker will persist unacked ranges into bookkeeper to avoid additional data overhead into

# MetadataStore.

managedLedgerMaxUnackedRangesToPersistInMetadataStore=1000

# ManagedCursorInfo compression type, option values (NONE, LZ4, ZLIB, ZSTD, SNAPPY).

# If value is NONE, then save the ManagedCursorInfo bytes data directly without compression.

# Using compression reduces the size of persistent cursor (subscription) metadata. This enables using a higher

# managedLedgerMaxUnackedRangesToPersistInMetadataStore value and reduces the overall metadata stored in

# the metadata store such as ZooKeeper.

managedCursorInfoCompressionType=NONE

# ManagedCursorInfo compression size threshold (bytes), only compress metadata when origin size more then this value.

# 0 means compression will always apply.

managedCursorInfoCompressionThresholdInBytes=16384

# ManagedLedgerInfo compression type, option values (NONE, LZ4, ZLIB, ZSTD, SNAPPY).

# If value is invalid or NONE, then save the ManagedLedgerInfo bytes data directly without compression.

# Using compression reduces the size of the persistent topic metadata. When a topic contains a large number of

# individual ledgers in BookKeeper or tiered storage, compression helps prevent the metadata size from exceeding

# the maximum size of a metadata store entry (ZNode in ZooKeeper). This also reduces the overall metadata stored

# in the metadata store such as ZooKeeper.

managedLedgerInfoCompressionType=NONE

# ManagedLedgerInfo compression size threshold (bytes), only compress metadata when origin size more then this value.

# 0 means compression will always apply.

managedLedgerInfoCompressionThresholdInBytes=16384

# Skip reading non-recoverable/unreadable data-ledger under managed-ledger's list. It helps when data-ledgers gets

# corrupted at bookkeeper and managed-cursor is stuck at that ledger.

autoSkipNonRecoverableData=false

# operation timeout while updating managed-ledger metadata.

managedLedgerMetadataOperationsTimeoutSeconds=60

# Read entries timeout when broker tries to read messages from bookkeeper.

managedLedgerReadEntryTimeoutSeconds=0

# Add entry timeout when broker tries to publish message to bookkeeper (0 to disable it).

managedLedgerAddEntryTimeoutSeconds=0

# New entries check delay for the cursor under the managed ledger.

# If no new messages in the topic, the cursor will try to check again after the delay time.

# For consumption latency sensitive scenario, can set to a smaller value or set to 0.

# Of course, use a smaller value may degrade consumption throughput. Default is 10ms.

managedLedgerNewEntriesCheckDelayInMillis=10

# Managed ledger prometheus stats latency rollover seconds (default: 60s)

managedLedgerPrometheusStatsLatencyRolloverSeconds=60

# Whether trace managed ledger task execution time

managedLedgerTraceTaskExecution=true