Feb 12, 2024

Foundation DB

Installation

$ sudo dpkg -i foundationdb-clients_*.deb foundationdb-server_*.deb

Check connection to DB

$ fdbcli

Using cluster file `/etc/foundationdb/fdb.cluster'.

The database is available.

Welcome to the fdbcli. For help, type `help'.

fdb>

Configure TLS for server side

Up to root privs

$ sudo su

Edit fdb.cluster file

$ vim /etc/foundationdb/fdb.cluster

<some symbols>:<some symbols>@127.0.0.1:4500:tls

Check connection to DB by TLS

$ fdbcli

ERROR: fdbcli is not configured with TLS, but all of the coordinators have TLS addresses.

Generate certs

$ cd ~

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt

$ cat cert.crt private.key > fdb.pem

Copy certs to FDB dir

$ sudo cp * /etc/foundationdb/

$ chmod +r /etc/foundationdb/private.key

Edit FDB conf

$ sudo vim  /etc/foundationdb/foundationdb.conf

...
[fdbserver.4500]
Public - address = 127.0.0.1:4500: TLS
listen-address = public
tls_certificate_file = /etc/foundationdb/fdb.pem
tls_ca_file = /etc/foundationdb/cert.crt
tls_key_file = /etc/foundationdb/private.key
tls_verify_peers= Check.Valid=0
...

Configure TLS for client side

Check connection by TLS

$ fdbcli -C /etc/foundationdb/fdb.cluster --tls_certificate_file /etc/foundationdb/cert.crt --tls_ca_file /etc/foundationdb/cert.crt --tls_verify_peers "Check.Valid=0" --tls-key-file /etc/foundationdb/private.key

Using cluster file `/etc/foundationdb/fdb.cluster'.

The database is available.

Welcome to the fdbcli. For help, type `help'.

fdb>

Configure ENV variables for client side

$ export FDB_TLS_CERTIFICATE_FILE=/etc/foundationdb/cert.crt
$ export FDB_TLS_CA_FILE=/etc/foundationdb/cert.crt
$ export FDB_TLS_KEY_FILE=/etc/foundationdb/private.key
$ export FDB_TLS_VERIFY_PEERS=Check.Valid=0

Check connection by TLS

$ fdbcli

Using cluster file `/etc/foundationdb/fdb.cluster'.

The database is available.

Welcome to the fdbcli. For help, type `help'.

fdb>


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Kubernetes

kubectl installation $ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl...

  • How to decrypt oracle password
    SQL Developer: %APPDATA%\SQL Developer\system*\o.jdeveloper.db.connection*\connections.xml <StringRefAddr addrType="password"...
  • Foundation DB
    Installation $ sudo dpkg -i foundationdb-clients_*.deb foundationdb-server_*.deb Check connection to DB $ fdbcli Using cluster file `/etc/fo...