sysdbd-store-network(5) Manual Page
sysdbd-store-network - store::network plugin sending to remote instances
<Plugin "store::network"> <Server "some.host.name:12345"> Username "my.host.name" SSLCertificate "/etc/sysdb/ssl/cert.pem" SSLCertificateKey "/etc/sysdb/ssl/key.pem" SSLCACertificates "/etc/ssl/certs/ca-certificates.crt" </Server> </Plugin>
store::network is a plugin which connects to a remote SysDB instance and sends all locally collected stored objects to that instance. It uses the low-level binary protocol to efficiently transmit the data.
store::network accepts the following configuration options:
- Server <address>
A server block specifies the connection settings. Multiple servers may be specified to send all data to multiple instances. The specified <address> may be a local path-name of a UNIX domain socket, a hostname, an IPv4 address, or and IPv6 address along with the remote port, separated by a colon (":").
All TCP connections are encrypted with SSL/TLS. See the SSL configuration options for details about how to configure this.
All clients need to authenticate against the remote SysDB instance. See the section AUTHENTICATION for details.
A server block accepts the following configuration options:
- Username <name>
The username used for authentication against the remote instance.
- SSLCertificate <filename>
The SSL certificate file to use for SSL connections and authentication.
- SSLCertificateKey <filename>
The SSL private key file to use for SSL connections and authentication.
- SSLCACertificates <filename>
The certificate authority (CA) certificates file for server certificate verification to use for SSL connection.
SysDB requires all client connections to a database server to be authenticated. The following authentication mechanism are supported at this time:
- Peer authentication for UNIX domain socket connections
Connections via UNIX domain sockets are authenticated by obtaining the client’s operating system user name from the kernel. The name has to match the username used to connect to the server.
- SSL certificate authentication for TCP connection
SSL client certificates will be used to authenticate TCP connections. The cn (common name) attribute of the certificate has to match the username used to connect to the server. Note that full client and server verification is currently enforced on all TCP connections.
SysDB was written by Sebastian "tokkee" Harl <email@example.com>.
Copyright © 2012-2015 Sebastian "tokkee" Harl <firstname.lastname@example.org>
This is free software under the terms of the BSD license, see the source for copying conditions. There is NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.