Difference between revisions of "OS4X Core main configuration file"

From OS4X
Jump to navigation Jump to search
 
(8 intermediate revisions by the same user not shown)
Line 80: Line 80:
 
''Optional.''
 
''Optional.''
  
ID of the OS4X server in a cluster environment. Every OS4X server should have its own server ID, given by you.
+
Numeric (integer value) ID of the OS4X server in a cluster environment. Every OS4X server should have its own server ID, given by you.
 +
*Min. value: -128
 +
*Max. value: 127
  
 
==== DBTYPE ====
 
==== DBTYPE ====
Line 102: Line 104:
 
==== CLIENTD_OVERRIDDEN_HOST ====
 
==== CLIENTD_OVERRIDDEN_HOST ====
 
If you want OS4X Webaccess to connect to an alternative OS4X client daemon (possibly on a remote server), set here the resolvable hostname or IP address of the server. All OS4X client daemon communication (i.e. authentification, job generation) will take place on this server.
 
If you want OS4X Webaccess to connect to an alternative OS4X client daemon (possibly on a remote server), set here the resolvable hostname or IP address of the server. All OS4X client daemon communication (i.e. authentification, job generation) will take place on this server.
 +
 +
==== CLIENTD_AUTH_HOST ====
 +
This is an optional configuration value defining the host (resolvable hostname or IP address) where an instance of the OS4X client daemon "<code>os4xclientd</code>" is running and accepting user authentication requests (and only these authentication requests, nothing more!).
 +
This configuration value overrides the option "<code>CLIENTD_OVERRIDDEN_HOST</code>", if configured.
  
 
==== WEBACCESS_UPLOAD_DIRECTORY ====
 
==== WEBACCESS_UPLOAD_DIRECTORY ====
Line 108: Line 114:
 
This feature is mainly used when installing OS4X Webaccess on a remote server (i.e. remote co-location). The same directory name must exist on the host running the OS4X client daemon for job generation. In most common cases, this is done by mounting the same directory with the exact name from the remote server on the host running the OS4X client daemon.
 
This feature is mainly used when installing OS4X Webaccess on a remote server (i.e. remote co-location). The same directory name must exist on the host running the OS4X client daemon for job generation. In most common cases, this is done by mounting the same directory with the exact name from the remote server on the host running the OS4X client daemon.
  
==== DB_TLS_VERSION ====
+
==== MySQL TLS connection parameters ====
Since OS4X release 2021-08-10, the variable DB_TLS_VERSION defines an optional description of the used communication encryption standard, which is provided in the MySQL/MariaDB handshake. The following values are possible:
+
Since OS4X release 2021-08-10, encrypted database connections are supported. MySQL started with version 5.7 to support encrypted connections via TLS. Please follow their online documentation about valid configuration values for i.e. protocols and cipher support: https://dev.mysql.com/doc/refman/en/encrypted-connection-protocols-ciphers.html
 +
TLS secured connections are only available over network links, not via socket file. Use the IP address "127.0.0.1" instead of "localhost" if you want to connect via TLS to your local database. Beware that you may need to open listener ports in your database server.
 +
 
 +
===== DB_TLS_VERSION =====
 +
Required: The variable DB_TLS_VERSION defines an optional description of the used communication encryption standard, which is provided in the MySQL/MariaDB handshake. The following values are possible:
 
*TLSv1
 
*TLSv1
 
*TLSv1.1
 
*TLSv1.1
 
*TLSv1.2
 
*TLSv1.2
 +
*TLSv1.3
 
or a mix of it, like:
 
or a mix of it, like:
 
*TLSv1.2,TLSv1.1,TLSv1
 
*TLSv1.2,TLSv1.1,TLSv1
 +
 +
===== DB_TLS_CIPHER =====
 +
Required: If you want to use encrypted database connections, you have to define any supported cipher. Refer to the list of supported ciphers of your database server.
 +
 +
===== DB_TLS_KEY =====
 +
Optional: The absolute path to your readable key file.
 +
 +
===== DB_TLS_CERT =====
 +
Optional: The absolute path to your readable certificate file in PEM format.
 +
 +
===== DB_TLS_CA =====
 +
Optional:  The absolute path to your CA chain certificate file in PEM format.
 +
 +
===== DB_TLS_CAPATH =====
 +
Optional: The absolute path where allowed CA chain elements are saved as PEM formatted files, linked against their hash of the subject. Copied from the manpage https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html:
 +
<pre>
 +
If CApath is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility to create the necessary links.
 +
</pre>
  
 
== Examples ==
 
== Examples ==

Latest revision as of 16:34, 9 September 2024

Main configuration file

OS4X's main configuration file defines be basic information about database connectivity and some other, really basic information which cannot reside in the database.

Position

All OS4X binaries search the configuration file at

/etc/os4x.conf

but they are all aware of searching this file at a given position. For this position information, nearly all binaries have the parameter "-C" (beware of the uppercase!). Example:

$ /opt/os4x/bin/os4xrd -C /opt/os4x/os4x.conf

This example searches the config file at the given position "/opt/os4x/os4x.conf".

In addition, all running OS4X binaries set the environment variable "OS4X_CFGFILE", which is also interpreted by all binaries. An alternative way to the above example could then be:

$ export OS4X_CFGFILE=/opt/os4x/os4x.conf
$ /opt/os4x/bin/os4xrd

Content

The configuration file contains textual information in the format "key=value", where no space must be existant between key, the character "=" and the corresponding value. Lines beginning with a hash sign ("#") are comments and will not be taken into account. Example:

# comment 
KEY=VALUE

Variables

Illegal defintions are:

KEY = VALUE    <- whitespaces after key name and before value
KEY =VALUE     <- whitespace after key name
KEY= VALUE     <- whitespace before value

The following variables are available.

DB_HOST

Mandatory.

Resolvable hostname or IP address of the databse server. In case of MySQL, special rules apply: if the value "localhost" is used, the MySQL client library tries to connect via a compiled in socket connection, if no socket is configured. In this case, if you have any problems connecting to MySQL, examine your syslog output and check the socket availability. As a workaround, "127.0.0.1" can be configured for a forced TCP/IP connection to localhost.

DB_USER

Mandatory.

Username for the database connection. In case of MySQL, if no username is configured (left empty), the user running the program is being used.

DB_PASS

Mandatory.

Password for the database connection. Empty connection passwords are not officially supported, but may work.

DB_NAME

Mandatory.

  • MySQL: Name of the database.
  • DB2: Name of the database instance.

DB_SCHEMA

Optional.

  • PostgreSQL: Name of the database schema. If not set, the database name is used as schema name (default).

DB_SOCKET

Optional. Absolute path to the socket file for communication. Only valid for MySQL.

DB_PORT

Mandatory.

TCP/IP port number for communication with the database server.

TABLEPREFIX

Mandatory.

Prefix of all OS4X tables. In shared database environment (where only one database is available) it's handy to have a configurable prefix for all tables. Default:

os4x_

(beware of the underscore as a last character).

MYSQLCLIENT

Optional.

Absolute path to the MySQL client tool used for backup and restore reasons.

PSQL

Optional.

Absolute path to the PostgreSQL client tool "psql" used for backup and restore reasons.

SERVERID

Optional.

Numeric (integer value) ID of the OS4X server in a cluster environment. Every OS4X server should have its own server ID, given by you.

  • Min. value: -128
  • Max. value: 127

DBTYPE

Optional.

Type of database connected to. Starting with OS4X 3 Core, possible values are:

  • MYSQL
  • DB2
  • SQLITE
  • POSTGRESQL

If left empty, "MYSQL" is assumed for compatibility reasons with OS4X 2 Core.

DB_PERSISTANT_CONNECTION

Optional.

For a persistant database connection for every OS4X process, you may set this configuration value to the numerical value "1":

DB_PERSISTANT_CONNECTION=1

At the moment only effective with "DBTYPE=DB2".

CLIENTD_OVERRIDDEN_HOST

If you want OS4X Webaccess to connect to an alternative OS4X client daemon (possibly on a remote server), set here the resolvable hostname or IP address of the server. All OS4X client daemon communication (i.e. authentification, job generation) will take place on this server.

CLIENTD_AUTH_HOST

This is an optional configuration value defining the host (resolvable hostname or IP address) where an instance of the OS4X client daemon "os4xclientd" is running and accepting user authentication requests (and only these authentication requests, nothing more!). This configuration value overrides the option "CLIENTD_OVERRIDDEN_HOST", if configured.

WEBACCESS_UPLOAD_DIRECTORY

If you want a special upload directory used for this OS4X Webaccess instance, you can configure it here.

This feature is mainly used when installing OS4X Webaccess on a remote server (i.e. remote co-location). The same directory name must exist on the host running the OS4X client daemon for job generation. In most common cases, this is done by mounting the same directory with the exact name from the remote server on the host running the OS4X client daemon.

MySQL TLS connection parameters

Since OS4X release 2021-08-10, encrypted database connections are supported. MySQL started with version 5.7 to support encrypted connections via TLS. Please follow their online documentation about valid configuration values for i.e. protocols and cipher support: https://dev.mysql.com/doc/refman/en/encrypted-connection-protocols-ciphers.html TLS secured connections are only available over network links, not via socket file. Use the IP address "127.0.0.1" instead of "localhost" if you want to connect via TLS to your local database. Beware that you may need to open listener ports in your database server.

DB_TLS_VERSION

Required: The variable DB_TLS_VERSION defines an optional description of the used communication encryption standard, which is provided in the MySQL/MariaDB handshake. The following values are possible:

  • TLSv1
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3

or a mix of it, like:

  • TLSv1.2,TLSv1.1,TLSv1
DB_TLS_CIPHER

Required: If you want to use encrypted database connections, you have to define any supported cipher. Refer to the list of supported ciphers of your database server.

DB_TLS_KEY

Optional: The absolute path to your readable key file.

DB_TLS_CERT

Optional: The absolute path to your readable certificate file in PEM format.

DB_TLS_CA

Optional: The absolute path to your CA chain certificate file in PEM format.

DB_TLS_CAPATH

Optional: The absolute path where allowed CA chain elements are saved as PEM formatted files, linked against their hash of the subject. Copied from the manpage https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html:

If CApath is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility to create the necessary links.

Examples

The following examples show various settings: locale and remote databases, socket connects, the possible database types and persistant connections.

local MySQL server via socket

DB_HOST=localhost
DB_USER=os4x
DB_PASS=os4x
DB_NAME=os4x
DB_SOCKET=/var/lib/mysql.sock
DB_PORT=3306
TABLEPREFIX=os4x_
MYSQLCLIENT=/usr/local/mysql/bin/mysql

remote MySQL server and remote OS4X client daemon, using a different upload directory

DB_HOST=192.168.1.23
DB_USER=os4x
DB_PASS=os4x
DB_NAME=os4x
DB_PORT=3306
TABLEPREFIX=os4x_
MYSQLCLIENT=/usr/local/mysql/bin/mysql
CLIENTD_OVERRIDDEN_HOST=192.168.21.2
WEBACCESS_UPLOAD_DIRECTORY=/opt/os4x/upload_remote_location

remote DB2

DB_HOST=db2
DB_USER=db2inst1
DB_PASS=db2
DB_NAME=swan_hl
DB_PORT=50000
TABLEPREFIX=os4x_
DBTYPE=DB2

remote DB2 with persistant connections and configured server ID

DB_HOST=db2
DB_USER=db2inst1
DB_PASS=db2
DB_NAME=swan_hl
DB_PORT=50000
TABLEPREFIX=os4x_
DBTYPE=DB2
DB_PERSISTANT_CONNECTION=1
SERVERID=5