meshd.conf - Clockwork Mesh Server configuration file




meshd(1) reads its configuration from /etc/clockwork/meshd.conf (unless a different file is specified with the -c option).

Valid configuration directives, and their meanings, are as follows:

broadcast - Broadcast Channel bind address

This specifies what interfaces/addresses meshd should bind to for publishing commands to subscribed cogd(1) nodes.

The standard port is 2315, and most of the time you'll want to listen on any available interface. This is the default, *:2315.

control - Control Channel bind address

This specifies what interfaces/addresses meshd should bind to for accepting inbound queries from clients, as well as result messages from subscribed cogd(1) nodes.

The standard port is 2316, and most of the time you'll want to listen on any available interface. This is the default, *:2316.

security.cert - Master Certificate

This certificate is used to identify this meshd instance to connecting clients and cogd nodes. It must contain both the public and private keys.

Defaults to /etc/clockwork/certs/meshd.

auth.service - PAM Authentication Service

For password-based authentication, where the remote user provides their username and password, meshd will use PAM to verify the credentials. This gives the system administrator full control over the authentication policy in play for Mesh.

Defaults to clockwork.

auth.trusted - Public Key Trust Database

For public-key authentication, where the remote user proves that they have access to the private component of a user keypair, meshd uses a trust database to keep track of what public keys have been marked as trusted for what usernames.

The trust database is a flat file containing only publicly available information, so it doesn't need any special permissions.

Defaults to /etc/clockwork/auth/trusted.

The trust database can be managed with the cw-trust tool.

query_cache.size - Query Cache Size

This configuration option lets you size the query cache to the infrastructure. For each query that meshd fields, it places an entry in the query connection cache to keep track of the query results. Cache entries are purged regularly, pursuant to qcache.expiration, to make room for new client queries.

The value chosen for the connection cache size depends on the number of concurrent queries you expect meshd to service. For most environments the default size of 2048 entries should be sufficient.

query_cache.expiration - Query Cache Expiration

Controls how long meshd will wait before purging queries from its query cache. The age of a query is calculated starting from the last time the requesting client retrieved results for it (not as an absolute time since query submission).

This value is specified in seconds.

pidfile - PID file for storing the daemon process ID

Defaults to /var/run/

syslog.ident - Syslog identity string

Defaults to meshd.

syslog.facility - Syslog facility for logging

Defaults to daemon.

syslog.level - Log level

Valid values are:


Fatal issues that cause immediate termination.


Non-fatal issues that prevent proper system operation.


Minor problems that do not hinder system operation.


Informational messages that assist in system diagnostics.


More in-depth informational messages, for troubleshooting.


Messages for chasing down bugs.

Each level includes all "more important" levels. warning will log critical and error messages. notice is everything but debugging messages, etc.

A good starting point is warning; default is error.


Here is the default configuration, made explicit:

listen              *:2314
pidfile             /var/run/
manifest            /etc/clockwork/manifest.pol
copydown            /etc/clockwork/gather.d

security.strict     yes
security.trusted    /etc/clockwork/certs/trusted
security.cert       /etc/clockwork/certs/meshd

ccache.connections  2048
ccache.expiration   600

syslog.ident        meshd
syslog.facility     daemon
syslog.level        error


clockwork(7), clockd(1), clockd.conf(5) and cogd.conf(5)


Clockwork was designed and written by James Hunt.

The Clockwork website is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States License