Configure FabricTransport settings for Reliable Actors
Here are the settings that you can configure:
You can modify the default configuration of FabricTransport in following ways.
Assembly attribute
The FabricTransportActorRemotingProvider attribute needs to be applied on the actor client and actor service assemblies.
The following example shows how to change the default value of FabricTransport OperationTimeout settings:
using Microsoft.ServiceFabric.Actors.Remoting.FabricTransport;
[assembly:FabricTransportActorRemotingProvider(OperationTimeoutInSeconds = 600)]
Second example changes default Values of FabricTransport MaxMessageSize and OperationTimeoutInSeconds.
using Microsoft.ServiceFabric.Actors.Remoting.FabricTransport;
[assembly:FabricTransportActorRemotingProvider(OperationTimeoutInSeconds = 600,MaxMessageSize = 134217728)]
Config package
You can use a config package to modify the default configuration.
Important
On Linux nodes, certificates must be PEM-formatted. To learn more about locating and configuring certificates for Linux, see Configure certificates on Linux.
Configure FabricTransport settings for the actor service
Add a TransportSettings section in the settings.xml file.
By default, actor code looks for SectionName as "<ActorName>TransportSettings". If that's not found, it checks for SectionName as "TransportSettings".
<Section Name="MyActorServiceTransportSettings">
<Parameter Name="MaxMessageSize" Value="10000000" />
<Parameter Name="OperationTimeoutInSeconds" Value="300" />
<Parameter Name="SecurityCredentialsType" Value="X509" />
<Parameter Name="CertificateFindType" Value="FindByThumbprint" />
<Parameter Name="CertificateFindValue" Value="4FEF3950642138446CC364A396E1E881DB76B48C" />
<Parameter Name="CertificateRemoteThumbprints" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" />
<Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
<Parameter Name="CertificateStoreName" Value="My" />
<Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
<Parameter Name="CertificateRemoteCommonNames" Value="ServiceFabric-Test-Cert" />
</Section>
Configure FabricTransport settings for the actor client assembly
If the client is not running as part of a service, you can create a "<Client Exe Name>.settings.xml" file in the same location as the client .exe file. Then add a TransportSettings section in that file. SectionName should be "TransportSettings".
<?xml version="1.0" encoding="utf-8"?>
<Settings xmlns:xsd="https://www.w3.org/2001/XMLSchema" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/2011/01/fabric">
<Section Name="TransportSettings">
<Parameter Name="SecurityCredentialsType" Value="X509" />
<Parameter Name="OperationTimeoutInSeconds" Value="300" />
<Parameter Name="CertificateFindType" Value="FindByThumbprint" />
<Parameter Name="CertificateFindValue" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" />
<Parameter Name="CertificateRemoteThumbprints" Value="4FEF3950642138446CC364A396E1E881DB76B48C" />
<Parameter Name="OperationTimeoutInSeconds" Value="300" />
<Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
<Parameter Name="CertificateStoreName" Value="My" />
<Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
<Parameter Name="CertificateRemoteCommonNames" Value="WinFabric-Test-SAN1-Alice" />
</Section>
</Settings>
Configuring FabricTransport Settings for Secure Actor Service/Client With Secondary Certificate. Secondary certificate information can be added by adding parameter CertificateFindValuebySecondary. Below is the example for the Listener TransportSettings.
<Section Name="TransportSettings"> <Parameter Name="SecurityCredentialsType" Value="X509" /> <Parameter Name="CertificateFindType" Value="FindByThumbprint" /> <Parameter Name="CertificateFindValue" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" /> <Parameter Name="CertificateFindValuebySecondary" Value="h9449b018d0f6839a2c5d62b5b6c6ac822b6f690" /> <Parameter Name="CertificateRemoteThumbprints" Value="4FEF3950642138446CC364A396E1E881DB76B48C,a9449b018d0f6839a2c5d62b5b6c6ac822b6f667" /> <Parameter Name="CertificateStoreLocation" Value="LocalMachine" /> <Parameter Name="CertificateStoreName" Value="My" /> <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" /> </Section>
Below is the example for the Client TransportSettings.
<Section Name="TransportSettings"> <Parameter Name="SecurityCredentialsType" Value="X509" /> <Parameter Name="CertificateFindType" Value="FindByThumbprint" /> <Parameter Name="CertificateFindValue" Value="4FEF3950642138446CC364A396E1E881DB76B48C" /> <Parameter Name="CertificateFindValuebySecondary" Value="a9449b018d0f6839a2c5d62b5b6c6ac822b6f667" /> <Parameter Name="CertificateRemoteThumbprints" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662,h9449b018d0f6839a2c5d62b5b6c6ac822b6f690" /> <Parameter Name="CertificateStoreLocation" Value="LocalMachine" /> <Parameter Name="CertificateStoreName" Value="My" /> <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" /> </Section>
Configuring FabricTransport Settings for Securing Actor Service/Client Using Subject Name. User needs to provide findType as FindBySubjectName, add CertificateIssuerThumbprints and CertificateRemoteCommonNames values. Below is the example for the Listener TransportSettings.
<Section Name="TransportSettings"> <Parameter Name="SecurityCredentialsType" Value="X509" /> <Parameter Name="CertificateFindType" Value="FindBySubjectName" /> <Parameter Name="CertificateFindValue" Value="CN = WinFabric-Test-SAN1-Alice" /> <Parameter Name="CertificateIssuerThumbprints" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" /> <Parameter Name="CertificateRemoteCommonNames" Value="WinFabric-Test-SAN1-Bob" /> <Parameter Name="CertificateStoreLocation" Value="LocalMachine" /> <Parameter Name="CertificateStoreName" Value="My" /> <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" /> </Section>
Below is the example for the Client TransportSettings.
<Section Name="TransportSettings"> <Parameter Name="SecurityCredentialsType" Value="X509" /> <Parameter Name="CertificateFindType" Value="FindBySubjectName" /> <Parameter Name="CertificateFindValue" Value="CN = WinFabric-Test-SAN1-Bob" /> <Parameter Name="CertificateStoreLocation" Value="LocalMachine" /> <Parameter Name="CertificateStoreName" Value="My" /> <Parameter Name="CertificateRemoteCommonNames" Value="WinFabric-Test-SAN1-Alice" /> <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" /> </Section>