You manage the agent configuration through the paa.conf and agent.properties configuration files.
The /etc/httpd/conf.d/paa.conf file contains these configuration options.
Parameter | Definition | Default Value |
---|---|---|
PaaCertificateDir | String value containing the path to the certificates extracted from the .properties files. | conf.d |
PaaEnabled | Determines whether the agent is enabled or disabled for a specific server configuration. Valid values: on/off. This value can be set globally; set for individual virtual hosts, directories, locations, or files; or both. The most specific value is used. Note: If you disable the PaaEnabled parameter globally, ensure that the PaaEnabled directive is set to on for the PingAccess reserved application context root. This is /pa by default. For example, adding this text to an included configuration file enables PingAccess for the /pa context root and for the /var/www/html/one directory. Adding this text to an included configuration file disables PingAccess for all content in the /var/www/html/two directory except for files named | on |
PaaPropertyFiles | List of .properties files that store configuration data used to connect the agent to the PingAccess engine nodes the agent will communicate with. | conf.d/agent.properties |
PaaEnabledNoteName | An optional parameter which defines a note name. If a request includes a note with this name and a value of on or off, this value overrides the PaaEnabled setting for that request. If you want to use this feature, you must deploy a custom module to include this note with the correct value. | paa-enabled-note |

The configured agent.properties files can contain the following parameters.
Parameter | Definition | Default Value |
---|---|---|
agent.engine.configuration.scheme | The URI scheme used to connect to the engine node. Valid values are http and https. | https |
agent.engine.configuration.host | The PingAccess host name. | The value in the Agent Node's |
agent.engine.configuration.port | The port the agent connects to on the PingAccess host. This value is defined in the PingAccess | Defined in the PingAccess Admin UI |
agent.engine.configuration.username | The unique agent name that identifies the agent in PingAccess. | Defined in the PingAccess Admin UI |
agent.engine.configuration.shared.secret | The password used to authenticate the agent to the engine. | Defined in the PingAccess Admin UI |
agent.engine.configuration.bootstrap.truststore | The base64-encoded public certificate used to establish HTTPS trust by the agent to the PingAccess engine. Note: If you are having difficulty connecting an agent to the PingAccess engine, verify that the Agent Trusted Certificate has been configured correctly in Agent Management. | Generated by PingAccess |
agent.engine.configuration.maxConnections | The number of connections a single web server worker process maintains to the PingAccess engine defined in the agent.engine.configuration.host parameter. | 10 |
agent.engine.configuration.timeout | The maximum time, in milliseconds, a request to PingAccess can take from the agent. If this time is exceeded, the client will receive a generic | 30000 |
agent.engine.configuration.connectTimeout | The maximum time, in milliseconds, the agent can take to connect to the PingAccess engine. If this time is exceeded, the client will receive a generic | 30000 |
agent.cache.missInitialTimeout | The maximum time, in milliseconds, a web server worker process waits for a response to a policy cache request sent to other web server worker processes. | 5 |
agent.cache.broker.publisherPort | The network port web server processes use to publish policy cache requests to other web server worker processes. This port is bound to the localhost network only. | 3031 |
agent.cache.broker.subscriberPort | The network port web server processes use to receive policy cache requests from other web server worker processes. This port is bound to the localhost network only. | 3032 |
agent.cache.maxTokens | The maximum number of tokens stored in the policy cache for a single web server worker process. A value of 0 means there is no maximum. | 0 |
agent.cache.disabled | Determines whether caching of policy decisions is enabled or disabled. A value of 1 disables caching, forcing the agent to communicate with the PingAccess host any time a policy decision needs to be made. Warning: Disabling caching has a significant impact on the scalability of the PingAccess Policy servers, as every rule evaluation is processed by the Policy Server. This option should only be used as a last resort because of the performance penalty. | 0 |
agent.engine.configuration.failover.hosts | The hostname and port of the PingAccess server where the agent should send requests in the event of a failover from the PingAccess Host. Note: If this parameter is set, the upstream block name in For example, if your PingAccess certificate contains name ' | Defined in the PingAccess Admin UI |
agent.engine.configuration.failover.failedRetryTimeout | The number of seconds to wait before the agent should retry connecting to a failed PingAccess server. | 60 |
agent.engine.configuration.failover.MaxRetries | The number of times to retry a connection to a PingAccess server after an unsuccessful attempt. If all retries fail, the agent marks the PingAccess server as failed for the duration of the agent.engine.configuration.failover.failedRetryTimeout value and tries another PingAccess server if one is available. | 2 |
agent.cache.type | Controls the type of policy cache used by the agent. There are three valid values for this property: | AUTO |
agent.send.inventory | Determines whether the This header contains the following fields: For more information, see Agent inventory logging. | |
agent.inventory | Specifies additional values to include in the The following syntax is used. Note: The specified header fields are case-sensitive. | Not present by default. |
agent.apache.host.source.headerName | If present, specifies a header that overrides the default | Not present by default. |

You can add comments to the agent.properties files if necessary. Lines beginning with the # or ! characters are ignored by the agent.
Changes to the agent.properties file require a restart of the web server.
See the Performance Tuning Guide for a discussion on improving agent performance.
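
The following added example (not part of the PingAccess documentation or product) parses agent.properties text, skipping `#` and `!` comment lines as described above, and flags the `http` scheme and a disabled policy cache. It assumes `key=value` lines; the `REQUIRED` list, the finding messages and the sample contents are this example's own choices.

```python
DEFAULTS = {  # defaults taken from the parameter table
    "agent.engine.configuration.scheme": "https",
    "agent.cache.disabled": "0",
}
# Assumption of this example: these keys must be present and non-empty.
REQUIRED = (
    "agent.engine.configuration.host",
    "agent.engine.configuration.username",
    "agent.engine.configuration.shared.secret",
    "agent.engine.configuration.bootstrap.truststore",
)

def parse_properties(text):
    """Return {key: value}; lines starting with # or ! are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' only: base64 values can end in '=' padding.
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = {**DEFAULTS, **props}
    findings = [f"missing: {key}" for key in REQUIRED if not cfg.get(key)]
    scheme = cfg["agent.engine.configuration.scheme"]
    if scheme not in ("http", "https"):
        findings.append(f"invalid scheme: {scheme}")
    elif scheme == "http":
        findings.append("scheme is http: agent-to-engine traffic is not protected by TLS")
    if cfg["agent.cache.disabled"] == "1":
        findings.append("policy cache disabled: every decision goes to the engine")
    return findings

SAMPLE = """\
# constructed sample, not a real deployment
! second comment style
agent.engine.configuration.scheme=http
agent.engine.configuration.host=pa.example.com
agent.engine.configuration.username=agent1
agent.engine.configuration.shared.secret=PLACEHOLDER
agent.engine.configuration.bootstrap.truststore=UExBQ0VIT0xERVI=
agent.cache.disabled=1
"""
print("\n".join(audit(parse_properties(SAMPLE))))
```
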