Storage Configuration
The storage configuration covers the runtime database, the LDAP server and the session cache, together with the server connections that these settings reference.
The following example shows a complete storage configuration. A more in-depth explanation of each section follows the example.
```yaml
runtime_db: mypq                 # Configuration of runtime database. Points to the database server connection.
session_cache:
  type: db                       # Specifies the type of session cache: in-memory, redis, or db.
  # cfg: redis-standalone        # Specifies the configuration of the `redis` cache, for `redis` type only. Points to a `redis` server connection.
  # life_time: 600               # Specifies the session entry duration in seconds. It applies to `in-memory` type sessions only. Default is `600`.
  # max_entries: 60000           # Specifies the maximum number of session entries. It applies to `in-memory` type sessions only. Default is `60000`.
server_connections:              # Server connections
  - name: mypq                   # Connection name
    type: postgresql             # Connection type: `redis`, `ldap`, `postgresql`, `oracle`, `db2`
    database_name: verify-access # Specifies the database name. For database types only.
    hosts:                       # List of host information (IP and port)
      - hostname: postgresql     # Server's hostname
        hostport: 5432           # Server's host port
    credential:                  # Credential information to connect to the server
      username: postgres         # Specifies the username to access the server.
      password: 'OBF:gJDSuqEFmORCR2Uw3FsAmFKomjYLmhMwdDG2XoUxtQ0='
                                 # Specifies the password to access the server. It is recommended to obfuscate this.
    ssl:
      certificate:               # The SSL connection certificate array.
        - ks:postgres_keys       # The SSL keystore to be used for SSL connections. ks: indicates keystore.
      mutual_auth:
        key: ks:rt_profile_keys/postgres          # When mutual TLS is needed, specify the keystore and label that contains the client's private key.
        certificate: ks:rt_profile_keys/postgres  # When mutual TLS is needed, specify the keystore and label of the client's leaf certificate.
        ca:
          - ks:rt_profile_keys/ca                 # When mutual TLS is needed, specify the keystore and label of the client's CA certificate.
      disable_hostname_verification: false        # The SSL connection validates the hostname.
    conn_settings:               # Connection settings
      max_idle_time: 10          # Maximum idle time in seconds
      min_pool_size: 5           # Minimum connection pool size
      max_pool_size: 50          # Maximum connection pool size
      connect_timeout: 5         # Connect timeout, in seconds
      aged_timeout: 30           # Aged timeout, in seconds
  - name: ldap_staging           # Connection name
    type: ldap                   # Connection type
    hosts:                       # List of host information (IP and port)
      - hostname: openldap       # Server's hostname
        hostport: 636            # Server's host port
    credential:                  # Credential information to connect to the host.
      bind_dn: cn=root,secAuthority=Default       # Specifies the binding credential for the LDAP server connection.
      bind_password: 'OBF:gJDSuqEFmORCR2Uw3FsAmFKomjYLmhMwdDG2XoUxtQ0='
                                 # Specifies the binding password for the LDAP server connection. It is recommended to obfuscate this.
    ssl:
      certificate:               # The SSL connection certificate array.
        - ks:ldap_keys           # The SSL keystore to be used for SSL connections. ks: indicates keystore.
      mutual_auth:
        key: ks:rt_profile_keys/ldap              # When mutual TLS is needed, specify the keystore and label that contains the client's private key.
        certificate: ks:rt_profile_keys/ldap      # When mutual TLS is needed, specify the keystore and label of the client's leaf certificate.
        ca:                                       # The mutual_auth connection certificate array.
          - ks:rt_profile_keys/ca                 # When mutual TLS is needed, specify the keystore and label of the client's CA certificate.
      disable_hostname_verification: false        # The SSL connection validates the hostname.
    conn_settings:               # Connection pool settings for the LDAP server.
      max_pool_size: 50          # Maximum connection pool size.
      connect_timeout: 3         # Connect timeout, in seconds.
      aged_timeout: 5            # Aged timeout, in seconds.
  - name: redis-standalone       # Connection name
    type: redis                  # Connection type
    deployment:                  # Redis deployment information. For `redis` type only.
      model: standalone          # Deployment model: `standalone` or `sentinel`
      # master: master           # Master node information. For `sentinel` model only.
    hosts:                       # List of host information (IP and port)
      - hostname: redis          # Server's hostname
        hostport: 6390           # Server's host port
    credential:                  # Credential information to connect to the host.
      username: isva             # Specifies the username to access the server.
      password: 'OBF:oUqHV/2VlAeWb1D7uAdfQysti3vh44p5/rpCDR35gn4='   # p@ssw0rd
                                 # Specifies the password for the redis server connection. It is recommended to obfuscate this.
    ssl:
      certificate:               # The SSL connection certificate array.
        - ks:redis_keys          # The SSL keystore to be used for SSL connections. ks: indicates keystore.
      mutual_auth:
        key: ks:rt_profile_keys/redis             # When mutual TLS is needed, specify the keystore and label that contains the client's private key.
        certificate: ks:rt_profile_keys/redis     # When mutual TLS is needed, specify the keystore and label of the client's leaf certificate.
        ca:
          - ks:rt_profile_keys/ca                 # When mutual TLS is needed, specify the keystore and label of the client's CA certificate.
      disable_hostname_verification: false        # The SSL connection validates the hostname.
```
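The configuration above has a handful of fields that decide whether the stored credentials and the connections to the backing stores are protected: the `OBF:` prefix on passwords, the presence of an `ssl` section with at least one trusted certificate, `disable_hostname_verification`, and the cross-references from `runtime_db` and `session_cache.cfg` to named connections. The following lint is an added example (not part of the product or its documentation) that checks those points on an already-parsed configuration; it assumes the YAML has been loaded into Python structures (for example with `yaml.safe_load`), and the `ldap_lab` connection in the constructed sample is hypothetical, built to show what the lint flags.

```python
"""Lint a parsed isvaop storage configuration for weak or inconsistent settings.

Added example; it is not part of the product documentation. It expects the
storage YAML already loaded into Python structures (for instance with
yaml.safe_load) and checks the cross-references and security-relevant
fields that the reference describes.
"""

DB_TYPES = {"postgresql", "oracle", "db2"}
CONNECTION_TYPES = DB_TYPES | {"redis", "ldap"}
SESSION_CACHE_TYPES = {"in-memory", "redis", "db"}


def lint_storage_config(cfg):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    findings = []
    conns = {c.get("name"): c for c in cfg.get("server_connections", [])}

    # runtime_db must name a database-type server connection.
    rt = cfg.get("runtime_db")
    if rt not in conns:
        findings.append(f"runtime_db '{rt}' does not name a server connection")
    elif conns[rt].get("type") not in DB_TYPES:
        findings.append(f"runtime_db '{rt}' is not a database connection")

    # session_cache.type is restricted; a redis cache must reference a redis connection.
    cache = cfg.get("session_cache", {})
    cache_type = cache.get("type")
    if cache_type not in SESSION_CACHE_TYPES:
        findings.append(f"session_cache.type '{cache_type}' is not in-memory, redis or db")
    if cache_type == "redis":
        ref = cache.get("cfg")
        if ref not in conns or conns[ref].get("type") != "redis":
            findings.append(f"session_cache.cfg '{ref}' does not name a redis connection")

    for name, conn in conns.items():
        ctype = conn.get("type")
        if ctype not in CONNECTION_TYPES:
            findings.append(f"{name}: unknown connection type '{ctype}'")

        # Secrets should carry the OBF: prefix rather than sit in the file in clear text.
        cred = conn.get("credential", {})
        for field in ("password", "bind_password"):
            value = cred.get(field)
            if value is not None and not str(value).startswith("OBF:"):
                findings.append(f"{name}: credential.{field} is not obfuscated")

        # Every connection should be TLS-protected, with hostname verification on
        # and at least one trusted certificate to validate the server against.
        ssl = conn.get("ssl")
        if not ssl:
            findings.append(f"{name}: no ssl section, traffic would be in clear text")
            continue
        if ssl.get("disable_hostname_verification") is True:
            findings.append(f"{name}: hostname verification disabled")
        if not ssl.get("certificate"):
            findings.append(f"{name}: ssl.certificate is empty, server cannot be validated")

    return findings


# Constructed sample: the documented mypq connection plus a hypothetical
# 'ldap_lab' connection carrying the kinds of weaknesses the lint flags.
SAMPLE_CONFIG = {
    "runtime_db": "mypq",
    "session_cache": {"type": "db"},
    "server_connections": [
        {
            "name": "mypq",
            "type": "postgresql",
            "database_name": "verify-access",
            "hosts": [{"hostname": "postgresql", "hostport": 5432}],
            "credential": {"username": "postgres",
                           "password": "OBF:gJDSuqEFmORCR2Uw3FsAmFKomjYLmhMwdDG2XoUxtQ0="},
            "ssl": {"certificate": ["ks:postgres_keys"],
                    "disable_hostname_verification": False},
        },
        {
            "name": "ldap_lab",                                    # hypothetical
            "type": "ldap",
            "hosts": [{"hostname": "openldap", "hostport": 636}],
            "credential": {"bind_dn": "cn=root,secAuthority=Default",
                           "bind_password": "changeit"},          # clear text
            "ssl": {"certificate": [],                             # nothing to trust
                    "disable_hostname_verification": True},        # verification off
        },
    ],
}

if __name__ == "__main__":
    for finding in lint_storage_config(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the documented `mypq` connection passes and the hypothetical `ldap_lab` connection produces three findings (clear-text bind password, hostname verification disabled, empty certificate array). The lint only reads the configuration; it does not attempt to deobfuscate `OBF:` values or open connections, so it is safe to run in a pipeline before the file is deployed.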
Annotation used for keystores and certificate files
- ks: Represents a keystore. The file system path it looks under is /var/isvaop/config/keystore. If the reference is used for a key, the equivalent PEM file should reside under /var/isvaop/config/keystore/<keystore_name>/personal/. If it is used for a certificate, the equivalent PEM file should reside under /var/isvaop/config/keystore/<keystore_name>/signer/.
- @: Represents a file. It uses a relative file system path, resolved under /var/isvaop/config/. Extensions such as .pem, .crt and .key can be used.
- B64: Represents the literal value of the base64-encoded certificate or key.
- Read more about key management.
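The three annotations map a short reference in the YAML to where the key or certificate material actually lives, and the same `ks:` reference lands in a different directory depending on whether it is used as a key (`personal/`) or as a certificate (`signer/`). The resolver below is an added example (not the product's own code) that applies the rules in the list above. It makes one assumption the page does not spell out: a `ks:` reference that names only a keystore, as `ssl.certificate` does with `ks:postgres_keys`, is mapped to that keystore's `signer/` directory. It also refuses `@` paths that would escape /var/isvaop/config/, which is a choice of this example rather than a documented behaviour.

```python
"""Resolve the ks:, @ and B64: reference annotations from the storage configuration.

Added example; not part of the product documentation or code. The path
rules follow the annotation list above. Assumption: a ks: reference that
names only a keystore (as `ssl.certificate` does with `ks:postgres_keys`)
is mapped to that keystore's signer/ directory.
"""
import base64
import posixpath

KEYSTORE_ROOT = "/var/isvaop/config/keystore"
CONFIG_ROOT = "/var/isvaop/config"
KS_SUBDIR = {"key": "personal", "certificate": "signer"}


def resolve_reference(ref, usage):
    """Map an annotated reference to where the material is read from.

    usage is 'key' or 'certificate' and selects personal/ or signer/ for ks:
    references. Returns ('file', path), ('dir', path) or ('inline', bytes).
    Raises ValueError for malformed references.
    """
    if usage not in KS_SUBDIR:
        raise ValueError(f"usage must be one of {sorted(KS_SUBDIR)}, got {usage!r}")

    if ref.startswith("ks:"):
        keystore, _, label = ref[len("ks:"):].partition("/")
        if not keystore:
            raise ValueError(f"ks: reference has no keystore name: {ref!r}")
        subdir = posixpath.join(KEYSTORE_ROOT, keystore, KS_SUBDIR[usage])
        if not label:
            return "dir", subdir            # whole keystore (assumption, see docstring)
        return "file", posixpath.join(subdir, label + ".pem")

    if ref.startswith("@"):
        rel = ref[1:]
        # The reference is relative to CONFIG_ROOT; this example refuses absolute
        # paths and parent-directory segments so it cannot escape that directory.
        if not rel or rel.startswith("/") or ".." in rel.split("/"):
            raise ValueError(f"@ reference must be a relative path under {CONFIG_ROOT}: {ref!r}")
        return "file", posixpath.join(CONFIG_ROOT, rel)

    if ref.startswith("B64:"):
        try:
            return "inline", base64.b64decode(ref[len("B64:"):], validate=True)
        except ValueError as exc:           # binascii.Error is a ValueError subclass
            raise ValueError(f"B64: reference is not valid base64: {ref!r}") from exc

    raise ValueError(f"unknown reference annotation: {ref!r}")


def is_valid_reference(ref, usage):
    """True when resolve_reference accepts the reference, False otherwise."""
    try:
        resolve_reference(ref, usage)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: references from the configuration above plus
    # one @ form and one B64: form of the kind the annotation list describes.
    for ref, usage in [("ks:rt_profile_keys/postgres", "key"),
                       ("ks:rt_profile_keys/ca", "certificate"),
                       ("ks:postgres_keys", "certificate"),
                       ("@certs/server.crt", "certificate"),
                       ("B64:aGVsbG8=", "certificate")]:
        print(ref, "->", resolve_reference(ref, usage))
```

Pass the reference together with its role: `mutual_auth.key` values resolve with `usage="key"` and everything under `certificate` or `ca` with `usage="certificate"`, so the same label `ks:rt_profile_keys/postgres` yields `.../rt_profile_keys/personal/postgres.pem` for the private key and `.../rt_profile_keys/signer/postgres.pem` for the leaf certificate. `posixpath` is used rather than `os.path` so the output matches the appliance layout regardless of the platform the check runs on.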
Detailed Configuration: