Server Operations
Important Server Flags
Section titled “Important Server Flags”| Flag | Purpose |
|---|---|
--bind / --port | Listener address and port |
--data-dir | Persistent storage root |
--backup-dir | Directory for server-local logical backup files |
--user / --password | Bootstrap/admin credentials |
--disable-auth | Disable auth for trusted local testing only |
--ssl | Enable TLS |
--tls-cert / --tls-key | TLS certificate and private key |
--tls-client-ca | Require client certificates signed by this CA bundle |
--wal-sync | WAL durability policy |
--wal-segment-size-bytes | Segment rotation threshold |
--wal-retain-segments | Sealed segment retention count |
--snapshot-interval-seconds | Periodic background snapshotting |
--expiration-sweep-interval-seconds | Background TTL sweeper |
--idle-timeout-seconds | Disconnect idle clients |
--audit-log-path | Override audit log location |
--replication-role | standalone, leader, or follower |
--node-id / --replication-group-id | Stable node and cluster identity |
--replication-advertise-addr | Address this node advertises to peers |
--replication-upstream | Initial upstream source for follower catch-up |
--write-ack-mode | replica / majority by default; local and all are explicit alternatives |
--cluster-peers | Static peers in node_id@host:port form |
Default Runtime Behavior
Section titled “Default Runtime Behavior”Unless configured otherwise, the server starts with:
- plaintext TCP transport
- auth enabled
- outbound zstd frame compression enabled
- server-managed encrypted persistence under
--data-dir - append-only audit logging
- maintenance mode disabled
For runtime deployment, prefer the published server image:
docker run --rm \ -p 9173:9173 \ -v vaylix-data:/var/lib/vaylix \ -v "$(pwd)/certs:/certs:ro" \ -e VAYLIX_USER=vaylix \ -e VAYLIX_PASSWORD=vaylix \ -e VAYLIX_SSL=true \ -e VAYLIX_TLS_CERT=/certs/server.crt \ -e VAYLIX_TLS_KEY=/certs/server.key \ ghcr.io/vaylix/vaylix:latestFor persisted Docker deployments, 0.5.1+ correctly reconciles bootstrap credentials. Restarting against an existing volume with new VAYLIX_USER or VAYLIX_PASSWORD values rotates the env-managed startup admin correctly instead of leaving the old bootstrap credential active.
Require mTLS by adding a client CA bundle:
docker run --rm \ -p 9173:9173 \ -v vaylix-data:/var/lib/vaylix \ -v "$(pwd)/certs:/certs:ro" \ -e VAYLIX_USER=vaylix \ -e VAYLIX_PASSWORD=vaylix \ -e VAYLIX_SSL=true \ -e VAYLIX_TLS_CERT=/certs/server.crt \ -e VAYLIX_TLS_KEY=/certs/server.key \ -e VAYLIX_TLS_CLIENT_CA=/certs/client-ca.crt \ ghcr.io/vaylix/vaylix:latestMaintenance Mode
Section titled “Maintenance Mode”Maintenance mode is an operational read-only admin mode:
maintenance onmaintenance statusmaintenance offWhen enabled, the node keeps read and inspection paths available while rejecting mutating writes, restore flows, and transaction entry/commit.
HA and Replication Operations
Section titled “HA and Replication Operations”The current 0.8.x line includes automatic leader election, quorum-backed write acknowledgement, and cluster membership inspection. The recommended HA topology is three voting nodes with stable node IDs and peer addresses.
Operational inspection commands:
healthshow clustershow replicationAdministrative controls:
cluster join <node-id> <host:port>cluster remove <node-id>promote followerpause replicationresume replicationCurrent scope:
- automatic election and majority quorum writes are supported
replicaandmajorityare equivalent write acknowledgement modeslocalwrites are explicitly weaker and not HA-safe- followers may serve stale reads
- linearizable follower reads, sharding, MVCC, and distributed transactions are not implemented
WAL and Snapshot Behavior
Section titled “WAL and Snapshot Behavior”Current physical persistence behavior:
- WAL lives under
<data-dir>/wal/ - snapshots write
snapshot.bin - manifests write
manifest.bin - snapshots seal the active WAL segment, create a new active segment, and prune old sealed segments according to retention
Audit Logging
Section titled “Audit Logging”Audit logging is enabled automatically.
Default path:
<data-dir>/audit.logThe log is SHA-256 hash chained and verified on startup.
Offline Storage Tooling
Section titled “Offline Storage Tooling”Use the main vaylix binary for offline storage work:
vaylix storage verify --data-dir /var/lib/vaylixvaylix storage migrate --data-dir /var/lib/vaylixvaylix pitr inspect --data-dir /var/lib/vaylixOffline PITR-oriented restore writes a new target directory:
vaylix pitr restore \ --source-dir /var/lib/vaylix \ --target-dir /tmp/vaylix-restore \ --to-sequence 1234