diff options
Diffstat (limited to 'p11p-daemon/README.md')
| -rw-r--r-- | p11p-daemon/README.md | 55 |
1 files changed, 30 insertions, 25 deletions
diff --git a/p11p-daemon/README.md b/p11p-daemon/README.md index c1910b8..31bea54 100644 --- a/p11p-daemon/README.md +++ b/p11p-daemon/README.md @@ -59,7 +59,7 @@ PKCS #11 operations on a virtual token. Each virtual token represents one or more physical cryptographic devices with a PKCS #11 interface ("tokens"). -Each virtual token has a name, a mode and a list of PKCS #11 modules, +Each virtual token has a name, FIXME and a list of PKCS #11 modules, i.e. shared libraries. ### vtoken name @@ -67,41 +67,46 @@ i.e. shared libraries. A string identifying a virtual token. This name is reflected in the name of the socket used by the client to connect to p11p-daemon. -### vtoken modules - -A list of PKCS #11 modules backing the virtual token. - -Each entry in this list has a name, a path to the shared library to -load and, optionally, an environment to run it in. The environment can -be used to pass configuration to the module. - -### vtoken mode - -The mode of a virtual token determines some of its behaviour with -reagard to choosing which token to satisfy a client request. - #### failover -In failover mode, the virtual token will use the first token in the -list of tokens until that token fails and then switch to the next in -the list. +If a token fails to respond within the number of milliseconds +specified in the 'timeout' configuration parameter, the next token in +the list becomes the active token. The list is circular, meaning that +the first token in the list is used after the last token in the list +has failed. This is true for a list with a single token as well. + +The 'failover' configuration parameter determines how many times this +switch will happen. The number of switches that will happen equals +'failover' minus one, so that a failover value of one will result in +zero retries, a value of two will result in one retry, and so forth. A +value of zero disables the failover functionality. -Failover mode has one parameter specifying the number of seconds (?) -to wait for a token to respond before giving up and decide that the -token has failed. +TBD: Rename 'failover' to 'retries'? #### balance -In balance mode, the virtual token will balance client requests over -all configured tokens in accordance with its configuration parameter. +A virtual token will balance client requests over all configured +tokens in accordance with the configuration parameter 'balance'. -Balance mode has one parameter, a list of invocation counts. An +TODO: Update this section. +... a list of invocation counts. An invocation count is an integer specifying how many times a token -should be invoked before moving to the next in the list. The first +will be invoked before switching to the next token in the list. The first integer in the list corresponds to the first token, the second integer to the second token, and so on. -The default invocation count is one. +The default invocation count is one per token. +TBD: Make it 10 or something? + + +### modules + +A list of PKCS #11 modules backing the virtual token. + +Each entry in this list has a name, a path to the shared library to +load and, optionally, an environment to run it in. The environment can +be used to pass configuration to the module. + ## Running p11p-daemon |